FWSM context

Nov 20th, 2009

Hi NetGurus,

I have configured 2 contexts called backend and frontend. I have given a default route on both the contexts to reach the SVI on the 6509 switch. I am only able to reach the SVI IP from both contexts and vice versa. But I am unable to ping any other VLANs created on both the contexts from the MSFC (the SVI). I have configured only one SVI on the switch and used that as outside VLAN on both the contexts. I have also enabled ICMP permit command as well. What am I missing? Thanks in advance for all.

Regards

MFM

Jon Marshall Sat, 11/21/2009 - 03:41

MFM


Couple of things:

1) When you say you cannot ping any other VLANs, do you mean the VLAN interface on the FWSM or hosts on that VLAN protected by the FWSM? If you mean the interface then you can't, because this is a security feature of the FWSM.

2) If you mean hosts then you need to check 2 things:

i) Have you allowed the traffic through with an ACL? Be aware that with the FWSM you do not just need an ACL for lower to higher security interface (which is standard for all Cisco firewalls) but you also need an ACL for higher to lower as well. Alternatively you can enable ICMP inspection on the FWSM.

ii) Do you have routes on the MSFC telling it how to get to the VLANs protected by the FWSM?


Jon
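
The checks in the reply above, sketched as configuration. This is an added example, not part of the thread: the ACL names, interface names and every address are constructed, and the `inspect icmp` form assumes an FWSM release that uses modular policy (`policy-map`) syntax.

```cisco
! --- FWSM, context "frontend" (constructed names and addresses) ---
! Assumed: outside = 10.1.1.2/24 on the shared SVI VLAN,
!          inside  = 10.1.10.0/24, MSFC SVI = 10.1.1.1
!
! (i) ACLs in both directions: the FWSM needs an ACL on the
!     higher-security interface as well as on the lower one.
access-list OUTSIDE_IN extended permit icmp any 10.1.10.0 255.255.255.0 echo
access-list INSIDE_OUT extended permit icmp 10.1.10.0 255.255.255.0 any echo
!
! Replies, option A: permit echo-reply explicitly in each ACL
access-list OUTSIDE_IN extended permit icmp any 10.1.10.0 255.255.255.0 echo-reply
access-list INSIDE_OUT extended permit icmp 10.1.10.0 255.255.255.0 any echo-reply
!
access-group OUTSIDE_IN in interface outside
access-group INSIDE_OUT in interface inside
!
! Replies, option B: ICMP inspection, so each reply is matched to
! its request and the echo-reply ACL lines above are not needed
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect icmp
service-policy global_policy global
!
! --- MSFC (6509) ---
! (ii) Routes to the VLANs behind each context; the next hop is
!      that context's outside interface address (assumed values,
!      10.1.1.3 and 10.1.20.0/24 standing in for "backend")
ip route 10.1.10.0 255.255.255.0 10.1.1.2
ip route 10.1.20.0 255.255.255.0 10.1.1.3
```

With this in place, `show access-list` inside the context shows whether the ICMP entries are taking hits, and `show ip route` on the MSFC confirms the static routes are installed.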
