
FWSM Inter-Context traffic

trevora
Level 1

I have a FWSM with 2 contexts. The OUTSIDE interfaces are each in their own L3 vlan and in a common VRF. (i.e., both next to each other looking out)

I am having a problem getting traffic from one FW to go out C1 and enter C2. I can ping all the outside interfaces but not through the FW (from other FW and inside client).

Any ideas???

running v4.03

2 Replies

yagnesh_tel
Level 1

Considering you have allowed this communication through ACL in these contexts, you should provide routing in MSFC for inside vlans using static routes. These static routes should be pointing to outside interfaces of the respective contexts. For example:

ip route vrf [vrf name] [inside vlan & subnet mask] [outside interface]

trevora
Level 1

It turned out that one of our engineers changed the inside interface IP and got the subnet mask wrong. Once I fixed that it started working.

I was concerned that it may have been related to the classifier as we are not doing nat for all traffic. I would have then had to put in a bunch of static nat rules. It seems the FWSM does not support a manual MAC addr to be defined on the interfaces like the ASA allows.
