Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FSWM Routed Context Issue

I have configured routed context in FWSM but it's not communication event with outside and inside directly connect router (MSFC). When I try to ping outside router IP address it show error in debug.

Denied ICMP type=0, code=0 from 192.168.15.5 on interface outside

I have configured IP any any and ICMP any any on both interfaces.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: FSWM Routed Context Issue

Hi,

Can you configure "icmp permit any outside" and then try pinging again and see if you get a response.

Regards,

Arul

*Pls rate if it helps*

Re: FSWM Routed Context Issue

As I said earlier in order to ensure that the Ping reply reaches FWSM you need to use "icmp permit any outside" command.

ACLs are only used for traffic through the FWSM .

Syed Iftekhar Ahmed

6 REPLIES
Cisco Employee

Re: FSWM Routed Context Issue

Hi,

Can you configure "icmp permit any outside" and then try pinging again and see if you get a response.

Regards,

Arul

*Pls rate if it helps*

Re: FSWM Routed Context Issue

Add the following

access-list 209 extended permit icmp any any

Syed Iftekhar Ahmed

New Member

Re: FSWM Routed Context Issue

I have already permited ICMP on both interfaces. but the problem is still there.

Re: FSWM Routed Context Issue

Are you pinging from the FWSM or from a host connected to inside interface?

If you are pinging from the FWSM and not "through" the fwsm the ping is permitted or denied based on the icmp command.

Use

icmp permit 0 0 outside

If it were a ping through the FWSM it would

be controlled via an ACL.

Syed Iftekhar Ahmed

New Member

Re: FSWM Routed Context Issue

I am Ping it from FWSM and ACL configured for ICMP on both intface (inside, outside).

Re: FSWM Routed Context Issue

As I said earlier in order to ensure that the Ping reply reaches FWSM you need to use "icmp permit any outside" command.

ACLs are only used for traffic through the FWSM .

Syed Iftekhar Ahmed

120
Views
0
Helpful
6
Replies