How to Ping FSM module from Core Switch 6513-Reg

Unanswered Question
May 13th, 2010

Dear All,

In our project, we have a Core Switch 6513 which also includes an FSM module. I have configured eight VLANs for different applications. Additionally, I configured three different VLANs (i.e. 1 inside, 1 outside and 1 failover) in the core switch. I assigned the IP for failover in the firewall, but I am not able to ping the failover IP from the core switch. The initial configuration of the firewall is as follows:

FWSM# sh run
: Saved
:
FWSM Version 3.2(5)
!
hostname FWSM
enable password WQl4NkGWhELkeLq8 encrypted
names
!
interface Vlan567
nameif inside
security-level 100
no ip address
!
interface Vlan888
nameif outside
security-level 0
no ip address
!
interface Vlan4000
description LAN/STATE Failover Interface
!
passwd Kj1gYbFykrj/gA19 encrypted
ftp mode passive
access-list inside extended permit tcp any any
access-list any extended permit ip any any
pager lines 24
logging enable
logging console debugging
logging monitor debugging
mtu inside 1500
mtu outside 1500
failover
failover lan unit primary
failover lan interface fover Vlan4000
failover link fover Vlan4000
failover interface ip fover 10.237.189.193 255.255.255.252 standby 10.237.189.194
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
access-group any in interface inside
access-group any out interface inside
access-group any in interface outside
access-group any out interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 10.237.186.120 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 30
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect smtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:bbecb61cfe1a15c176a914ddaec7ac56
: end

What do I have to do in this case?

Please help me in this case.

Thanks in Advance

Senthil

haseeb Thu, 05/13/2010 - 06:40

Just try to remove this VLAN from the firewall and first test it with the MSFC. Make sure that you have created this VLAN on the secondary FWSM as well, and ensure that it's going over to the primary core switch through a trunk.

Senthil Rajendra Thu, 05/13/2010 - 07:15

Dear Haseeb,

I have created an access list to allow the ping response to the firewall, but I am not able to ping the firewall from the core switch. Other than that, is there anything I have to configure on the firewall to get a ping response?

After that, what files need to be uploaded/configured to get the GUI via ASDM?

FWSM# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: fover Vlan 4000 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 0 of 250 maximum
Config sync: active
Version: Ours 3.2(5), Mate 3.2(5)
Last Failover at: 12:13:59 IST May 6 2010
        This host: Primary - Active
                Active time: 631854 (sec)
                Interface inside (0.0.0.0): Normal (Not-Monitored)
                Interface outside (0.0.0.0): No Link (Not-Monitored)
        Other host: Secondary - Standby Ready
                Active time: 8 (sec)
                Interface inside (0.0.0.0): Normal (Not-Monitored)
                Interface outside (0.0.0.0): Unknown (Not-Monitored)

FWSM# sh failover

Failover On
Failover unit Secondary
Failover LAN Interface: fover Vlan 4000 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 0 of 250 maximum
Config sync: active
Version: Ours 3.2(5), Mate 3.2(5)
Last Failover at: 16:20:51 IST May 10 2010
        This host: Secondary - Standby Ready
                Active time: 8 (sec)
                Interface inside (0.0.0.0): Normal (Not-Monitored)
                Interface outside (0.0.0.0): No Link (Not-Monitored)
        Other host: Primary - Active
                Active time: 631519 (sec)
                Interface inside (0.0.0.0): Unknown (Not-Monitored)
                Interface outside (0.0.0.0): Unknown (Not-Monitored)

Thanks for replying

Senthil
