New Member

Contexts on FWSM!!!!!

Hello

I have the following problem:

I am working with security contexts on a FWSM installed on a CAT 6500.

(I strongly recommend that you take a look at the topology diagram at this point.)

My problem is that I can't make server SIRE_APP, located on DMZ_SIRE, communicate with any other host on any other VLAN UNLESS I manually configure the VLANs I want to communicate with on the CAT 6500.

For instance....

In order for server SIRE_APP (172.29.2.5) (VLAN 11 -->172.29.2.0) to communicate with server DNSin (172.29.1.2) (VLAN 4 -->172.29.1.0), I have to manually enter the following lines on the CAT 6500:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

interface Vlan11
 description DMZ_SIRE (configured on context EXTRA)
 ip address 172.29.2.254 255.255.255.0
 no shutdown

interface Vlan4
 description DMZ (configured on context EXTRA)
 ip address 172.29.1.254 255.255.255.0
 no shutdown

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Then I have to manually change the SIRE_APP server's default gateway to point to IP 172.29.2.254 (VLAN 11) configured on the CAT 6500 instead of pointing to the IP 172.29.2.1 (configured as an interface on context EXTRA).

BUT if I do this, ALL other hosts on ANY other VLANs can't communicate with servers on the DMZ (VLAN 4).

Meanwhile....

NONE of this is (or was) necessary in order for servers on VLAN 4 (DNSin, OASin) to communicate with hosts on any other VLANs.

I have set up CAPTURES (raw-data & asp-drop types) but the problem is not an access-list. I have tried several NATs but still the same...

I have attached the run config for context EXTRA, context INTRA and context system (CONTEXTS.txt) and relevant info on the running-config for the CAT 6500 (CAT 6500 with changes).

I'll appreciate any help on this issue.

Glenn

2 REPLIES
Hall of Fame Super Blue

Re: Contexts on FWSM!!!!!

Glenn

Could you post a JPEG instead of a Visio?

Jon

New Member

Re: Contexts on FWSM!!!!!

You don't have a static from DMZ_SIRE to DMZ configured.

Are you getting xlate errors in the log of extra or the admin context?

Try adding a static and pinging.
