can't successfully ping the SVI address on FWSM. WHY?
I have two C6509-E switches, each outfitted with one FWSM, and I use vlan 200 for the outside between the C6509 and the FWSM. A snapshot of the configuration is as follows, but I can't ping the SVI of vlan 200 from the FWSM. However, "show arp" on the C6509 indicates that the C6509 has learned the correct MAC address of the outside IP address.
firewall module 2 vlan-group 1
firewall vlan-group 1 101,102,200,210-221
FWSM Version 2.3(4) <system>
resource acl-partition 3
enable password xxx
ftp mode passive
pager lines 24
logging buffer-size 4096
limit-resource IPSec 5
limit-resource Mac-addresses 65535
limit-resource PDM 5
limit-resource SSH 5
limit-resource Telnet 5
limit-resource All 0
limit-resource All 5.0%
failover lan unit primary
failover lan interface faillink vlan 101
failover polltime unit 1 holdtime 15
failover polltime interface 15
failover interface-policy 50%
failover replication http
failover link statelink vlan 102
failover interface ip faillink 172.16.17.1 255.255.255.252 standby 172.16.17.2
failover interface ip statelink 172.16.17.5 255.255.255.252 standby 172.16.17.6
Re: can't successfully ping the SVI address on FWSM. WHY?
In my config, context-a is the admin context, and I have added the "permit ip any any" ACL on both the outside and inside interfaces. So why do I still need to add an ICMP-related ACL? In addition, I restored multiple context mode to single context mode and also correctly configured the basic settings. But it still didn't work. I can successfully ping each other through the failover and stateful link.
An interesting thing is that when I execute the "show interface" command, whether in a context or in the system execution space, it shows that lots of packets were dropped, except under the edbc interface (the internal interface connected to the C6509 switch). WHY?