Hello, I need your help with a problem I have been experiencing for a couple of days.
We got a client with a WiMAX solution. They had a firewall from another vendor and needed to upgrade to a more robust platform, so they went with a Cisco 6506-E with a FWSM.
They are using traffic redirection for inside networks. The WiMAX packet service gateway is not routing internal traffic (public to public IP addresses); instead, public IP addresses assigned to clients are forwarded to the WiMAX packet service gateway and then the traffic flow is redirected to the outside of the FWSM for firewall inspection. See attached diagram.
I already fixed TCP traffic between those networks using the TCP state bypass feature. Everything works well except ICMP; this has been a total nightmare.
I have a permit any any in the inside and a permit any to public networks in the inside plus the inspect ICMP. With this configuration ICMP is treated as stateful.
When I remove the ICMP inspection, ICMP traffic from inside to outside stops working and redirected ICMP traffic works OK.
Now I tried a solution I read in the book Cisco Press - Cisco Firewalls but it didn't work:
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...