Weird ping

Unanswered Question
Feb 27th, 2012
User Badges:

Let's consider this situation:

- 6500 handling LAN <-> LAN traffic

- FSWM handling LAN <-> WAN traffic


FWSM has outside interface IP address 1.2.3.4 (mask 255.255.255.0)

There is a server with IP address 1.2.3.100 (mask is same 255.255.255.0)

There are another servers with IP adresses 1.2.3.50 and 1.2.3.150 (mask 255.255.255.0).

There is a LAN client, 10.10.10.10 (mask 255.255.255.0)


The problem is, I cannot ping 1.2.3.100 from 10.10.10.10, but can 1.2.3.50 and 1.2.3.150.


- there's proper configuration for 6500 to handle traffic from 10.10.10.10 to 1.2.3.0/255.255.255.0

- server 1.2.3.100 has no firewall and I am sure the server is properly configured for network communication

- there's correct MAC address in FWSM ARP cache

- I see log records in FWSM Logging window only when I am not able to ping 1.2.3.100

- I can ping 1.2.3.100 from 10.10.10.10 after dozens of pings

- there're not log records in FWSM Logging window when I am able to ping 1.2.3.100

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ton V Engelen Tue, 02/28/2012 - 00:34
User Badges:
  • Bronze, 100 points or more

Hi,


did you reload the fwsm after configuration?


I have seen the fwsm route half subnets ( What?? Yes! ) which can happen as for instance a new l3 interface.is setup on the fwsm


Only after reloading the fwsm the whole subnet was routed correctly again. 


Hope it helps

Ton V Engelen Thu, 03/01/2012 - 02:39
User Badges:
  • Bronze, 100 points or more

Hi,


can you ping the server from the firewall outside interface? Does that work?

Ton V Engelen Thu, 03/01/2012 - 03:45
User Badges:
  • Bronze, 100 points or more

Ok,. so from the outside interface there seems to be no problem.


Looks like the problem is between the client and the outside interface.


You say that you can ping from 10.10.10.10 after dozens of other pings (that fail i presume)


- are there any issues with nat translations?

- a filtering rule that is overlooked?

- which firmware is on the fwsm / 6500

Actions

This Discussion

Related Content