Cisco Support Community
New Member

FWSM dropping packets of permit rules

Hi

I'm having a strange issue with a FWSM.

It has 4 networks (inside, outside, dmz 1-2).

When I try to connect to an inside host from outside, the FWSM denies the connection attempt, but the rule configured permits this traffic.

But when I connect from the inside host to the outside host, traffic that was denied before is now permitted. I have modified antispoofing and others, but I haven't fixed it.

3 REPLIES
Anonymous
N/A

Re: FWSM dropping packets of permit rules

If the traffic does not pass through the FWSM:

Possible Cause: The VLANs are not configured on the switch or are not assigned to the FWSM.

Recommended Action: Configure the VLANs and assign them to the FWSM according to the steps mentioned here:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/switch_f.html#wpxref34592

Hall of Fame Super Blue

Re: FWSM dropping packets of permit rules

Sounds like you may have a NAT issue, i.e. when you connect from inside to outside you build a translation that can then be used from outside to inside.

Could you post the relevant portions of the config for the NAT? Also, could you detail the source and destination addresses on the inside and outside?

Jon

New Member

Re: FWSM dropping packets of permit rules

Hi Jon

Yes... the command 'nat-control' was enabled. I disabled it and now it works.
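
The situation resolved above, as an added configuration sketch that is not from any poster in the thread: with `nat-control` enabled, an ACL permit alone does not let outside-initiated traffic reach an inside host that has no translation. The addresses and the ACL name `OUTSIDE_IN` are constructed assumptions; the interface names `inside` and `outside` are the ones mentioned in the question.

```text
! Constructed example: addresses and ACL name are assumptions, not from the thread.
! Inside host: 10.10.10.5     Outside client: 198.51.100.20

! --- Symptom: the ACL permits the flow, but nat-control is on and the
! --- inside host has no translation of its own
nat-control
access-list OUTSIDE_IN extended permit tcp host 198.51.100.20 host 10.10.10.5 eq 22
access-group OUTSIDE_IN in interface outside
! Outside-initiated connections to 10.10.10.5 are dropped until a translation
! exists for that host, for example one built by its own outbound traffic.

! --- Option A (what the original poster did): drop the NAT requirement
no nat-control
! Inside hosts are now reachable untranslated wherever the ACL permits, so the
! ACL on the outside interface becomes the only control. Review it for broad
! permits before relying on this.

! --- Option B: keep nat-control and publish only this host (identity static)
static (inside,outside) 10.10.10.5 10.10.10.5 netmask 255.255.255.255

! --- Checks after either change
show running-config nat-control
show xlate
show access-list OUTSIDE_IN
```

In `show xlate`, an entry for the inside host that appears only after that host has sent traffic outbound matches the behaviour described in the question; the hit counters in `show access-list` confirm whether the permit rule is being matched.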
