New Member

Contexts on FWSM!!!!!


I have the following problem

I am working with security contexts on a FWSM installed on a cat 6500

(I strongly recommend that you take a look at the topology diagram at this point)

My problem is that I can't make server SIRE_APP, located on DMZ_SIRE, communicate with any other host on any other VLAN UNLESS I manually configure the VLANs I want to communicate with on the CAT 6500

for instance....

In order for server SIRE_APP ( (VLAN 11 --> to communicate with server DNSin ( (VLAN4 -->

I have to manually enter the following lines on the CAT 6500


interface Vlan11
 description DMZ_SIRE (configured on context EXTRA)
 ip address
 no shutdown

interface Vlan4
 description DMZ (configured on context EXTRA)
 ip address
 no shutdown


Then I have to manually change the SIRE_APP server's default gateway to point to ip (vlan 11) configured on the CAT 6500 instead of pointing to the ip (configured as an interface on context EXTRA)

BUT if I do this ALL other hosts on ANY other vlans can't communicate with servers on the DMZ (VLAN4)


NONE of this is (or was) necessary in order for servers on VLAN 4 (DNSin, OASin) to communicate with hosts on any other VLANs

I have set up CAPTURES (raw-data & asp-drop types), but the problem is not an access-list. I have tried several NATs, but still the same...

I have attached the run config for context EXTRA, context INTRA and context system (CONTEXTS.txt) and relevant info on the running-config for the CAT 6500 (CAT 6500 with changes)

I'll appreciate any help on this issue


Hall of Fame Super Blue

Re: Contexts on FWSM!!!!!


Could you post a JPEG instead of a Visio?


New Member

Re: Contexts on FWSM!!!!!

You don't have a static from DMZ_SIRE to DMZ configured.

Are you getting xlate errors in the log of extra or the admin context?

Try adding a static and pinging.
