I have an FWSM running in L3 mode, installed in a C6509E switch; the L3 interfaces of all the other distribution layer switches are created on the FWSM.
I have a long-running problem of one-way communication with this FWSM. The IOS version is "FWSM Firewall Version 3.2(4)".
I have two PCs (PC1 and PC2) connected to two different zones of the FWSM, which are connected through two different L3 switches.
The problem is that I can ping from PC2 to PC1 (I verified the path by traceroute; it is coming via the FWSM only), but I cannot ping from PC1 to PC2. All zones are bound to access lists with "permit ip any any" and "permit icmp any any".
While pinging from PC1 to PC2 I am getting "Destination net unreachable", and when tracing, the FWSM reports "Destination net unreachable". The interesting thing is that I can ping PC2 from the FWSM.
I also tried to put a capture on the FWSM for this particular source and destination (by attaching a specific access list), where I found that I am getting hits on the interface connected to PC1, but I cannot see any hits on the interface which is connected to PC2.
I am attaching a diagram for more details; any piece of info is appreciated.
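For readers following the capture step described in the post, here is how such a two-sided capture is set up on FWSM 3.x so that the PC1-facing and PC2-facing interfaces can be compared directly. This is an added example, not configuration from the original post; the interface names (zone1, zone2), the ACL and capture names, and the host addresses are assumed placeholders for the poster's real topology.

```cisco
! Added example, not from the original post. Assumed topology:
!   PC1 = 10.1.1.10 behind FWSM interface "zone1"
!   PC2 = 10.2.2.10 behind FWSM interface "zone2"

! 1. Match only the flow under test, in both directions, so the
!    capture buffers are not filled with unrelated traffic.
access-list CAP_PING extended permit icmp host 10.1.1.10 host 10.2.2.10
access-list CAP_PING extended permit icmp host 10.2.2.10 host 10.1.1.10

! 2. One capture per interface, both filtered by the same ACL.
capture CAP_PC1 access-list CAP_PING interface zone1
capture CAP_PC2 access-list CAP_PING interface zone2

! 3. Run the ping from PC1 to PC2, then read both buffers.
show capture CAP_PC1
show capture CAP_PC2

! 4. Echo requests in CAP_PC1 but nothing at all in CAP_PC2 means the
!    FWSM itself is not forwarding the packet out of zone2. Confirm which
!    interface the FWSM would use for PC2 and whether a connection was
!    ever built for the flow.
show route 10.2.2.10
show conn address 10.1.1.10
show interface zone2

! 5. Remove the captures and the helper ACL when finished.
no capture CAP_PC1
no capture CAP_PC2
clear configure access-list CAP_PING
```

Capturing on both sides of the firewall with the same filter is what turns "one-way traffic" from a symptom into a located fault: if the request is seen entering zone1 and never leaves zone2, the problem is inside the FWSM (routing, ACL, or state), whereas a request that leaves zone2 with no reply returning points at the PC2 side of the network instead.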