06-28-2008 09:28 PM - edited 03-11-2019 06:06 AM
Hey people, help with this FWSM module, again! Traffic is not passing through the firewall. I configured "access-list 100 extended permit ip any any" and applied it to the inside interface, and when I ping the outside world I can see that packets hit the inbound access-list. I have a default route configured also. But traffic is not going from inside to the outside. What is my problem, guys? Thanks in advance...
06-29-2008 02:52 AM
Can you post output of "sh module" from the 6500 switch.
Also, if you apply an outbound access-list on the outside interface of "permit ip any any", do you see any hits on that?
Jon
06-29-2008 04:28 AM
Plaza#sh module
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1     6 Firewall Module                        WS-SVC-FWM-1       SAD1148079W
  2    48 48 port 10/100/1000mb EtherModule      WS-X6148-GE-TX     SAL114459AL
  5     9 Supervisor Engine 32 8GE (Active)      WS-SUP32-GE-3B     SAL11488JYS

Mod MAC addresses                      Hw     Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1 001e.4a3f.f9be to 001e.4a3f.f9c5   4.2    7.2(1)       3.2(2)       Ok
  2 001d.a2d4.6138 to 001d.a2d4.6167   7.2    7.2(1)       8.5(0.46)RFW Ok
  5 0007.0e5f.3768 to 0007.0e5f.3773   4.5    12.2(18r)SX2 12.2(18)SXF1 Ok

Mod  Sub-Module                  Model              Serial      Hw      Status
---- --------------------------- ------------------ ----------- ------- -------
  5  Policy Feature Card 3       WS-F6K-PFC3B       SAL11488LFM 2.3     Ok
  5  Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A      SAL11488JSS 4.0     Ok

Mod  Online Diag Status
---- -------------------
  1  Pass
  2  Pass
  5  Pass
______________________________________________
And yes, I can see hits, and I changed the security-level from 0 to 1 on the outside interface, and now it works. Here is the question: why?
And I have another question: can I rate limit on an SVI in the firewall module? Is there any feature like policing? Thanks in advance.
06-29-2008 07:52 AM
And here I have another problem with the FWSM: I created 6-7 SVIs in it, and now I see 10-15% traffic loss. I checked CPU utilization and it shows 1%. Then I configured the switch without the firewall, and there is no loss. Hmm... what can be the problem? Help!