Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FWSM module problem.

hey people, help with this FWSM module,again! traffic is not passing trough firewall. i configure 'access-list 100 extended permit ip any any" and apply to the inside interface. and when i ping outside world i can see that packets hit inbound access-list. i hove default route configured also. but traffic is not going from inside to the outside? what is my problem guys? thanks in advance...

3 REPLIES
Hall of Fame Super Blue

Re: FWSM module problem.

Can you post output of "sh module" from the 6500 switch.

Also if you apply an outbound access-list on the outside interface of "permit ip any any" do you see any hits on that ?

Jon

New Member

Re: FWSM module problem.

Plaza#sh module

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

1 6 Firewall Module WS-SVC-FWM-1 SAD1148079W

2 48 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX SAL114459AL

5 9 Supervisor Engine 32 8GE (Active) WS-SUP32-GE-3B SAL11488JYS

Mod MAC addresses Hw Fw Sw Status

--- ---------------------------------- ------ ------------ ------------ -------

1 001e.4a3f.f9be to 001e.4a3f.f9c5 4.2 7.2(1) 3.2(2) Ok

2 001d.a2d4.6138 to 001d.a2d4.6167 7.2 7.2(1) 8.5(0.46)RFW Ok

5 0007.0e5f.3768 to 0007.0e5f.3773 4.5 12.2(18r)SX2 12.2(18)SXF1 Ok

Mod Sub-Module Model Serial Hw Status

---- --------------------------- ------------------ ----------- ------- -------

5 Policy Feature Card 3 WS-F6K-PFC3B SAL11488LFM 2.3 Ok

5 Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A SAL11488JSS 4.0 Ok

Mod Online Diag Status

---- -------------------

1 Pass

2 Pass

5 Pass

______________________________________________

and yes i can see hits, and i change security-level from 0 to 1 on the outside interface, and now it works. here is the question-why?

and have another question: can i rate limit on SVI in firewall module? is there any feature like policing? thanks in advance

New Member

Re: FWSM module problem.

and here i have another problem with FWSM: i create in it 6-7 SVI, and now i realize 10-15% traffic lost. i check cpu utilization and it shows 1%. then i configure Switch without firewall, and there is no lost. xm... what can be the problem??? help!!!

141
Views
0
Helpful
3
Replies