Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

FWSM context

Hi NetGurus,

I have configured 2 contexes called backend and frontend. I have given a default route on both the contexes to reach the SVI on the 6509 switch. I am only able to reach

the SVI IP from the both context and vice versa. But i am unable to ping any other VLAN's created on both the contexts from the MSFC (the SVI). I have configured only

one SVI on the switch and used that as outside VLAN on both the contexts. I have also enabled ICMP permit command as well. What am i missing. Thanks in advance for all.

Regards

MFM

1 REPLY
Hall of Fame Super Blue

Re: FWSM context

faizm@sejeltech.com

Hi NetGurus,

I have configured 2 contexes called backend and frontend. I have given a default route on both the contexes to reach the SVI on the 6509 switch. I am only able to reach

the SVI IP from the both context and vice versa. But i am unable to ping any other VLAN's created on both the contexts from the MSFC (the SVI). I have configured only

one SVI on the switch and used that as outside VLAN on both the contexts. I have also enabled ICMP permit command as well. What am i missing. Thanks in advance for all.

Regards

MFM

MFM

Couple of things

1) when you say you cannot ping any other vlans - do you mean the vlan interface on the FWSM or hosts on that vlan protected by the FWSM. If you mean the interface then you can't because this is a security feature of the FWSM

2) If you mean hosts then you need to check 2 things

i) have you allowed the traffic through with an acl. Be aware that with the FWSM you do not just need an acl for lower to higher security interface (which is standard for all Cisco firewalls) but you also need an acl for higher to lower as well. Alternatively you can enable ICMP inspection on the FWSM

ii) Do you have routes on the MSFC telling it how to get to the vlans protected by the FWSM ?

Jon

368
Views
3
Helpful
1
Replies
CreatePlease login to create content