New Member

FWSM - Ping Working but NO TCP Connection

I have two interfaces, vlan 45 and vlan 46.

vlan 45 has a security level of 30 and vlan 46 has 25.

I have a server running on vlan 46, and I can ping it from the server connected in vlan 45.

I have applied "permit ip any any" on both interfaces in the "IN" direction, but I could not telnet from the server in vlan 45 to vlan 46.

I put a capture on the interface vlan 45. When I ping I can see packets, but I can't see any packets when I telnet (or use any other TCP).

Ultimately I can get any TCP session to vlan 46 from 45.

Any inputs are appreciated.

4 REPLIES
New Member

Re: FWSM - Ping Working but NO TCP Connection

Hi,

Could you post your config?

Thanks,

Robert

New Member

Re: FWSM - Ping Working but NO TCP Connection

Please ignore the vlans specified in the previous post. The original vlans are Vlan16 (intranet) and Vlan24 (EMS_VLAN). The traffic flow is

PC1->[vlan16->FWSM->vlan24]->PC2

Both Vlan 16 and Vlan 24 are created on the FWSM. Ping is successful from PC1 to PC2, but when you telnet from PC1 to PC2, it is not getting through. The access list is "permit ip any any" on both the Vlan16 and Vlan24 interfaces.

New Member

Re: FWSM - Ping Working but NO TCP Connection

It has been solved, as the problem was in the ingress network. Thanks for your help. However, it would be great if I could get any good docs on FWSM. We already have another problem, with xlate, that is not building any connections. At times when we clear the xlate, it will start working.

Cisco Employee

Re: FWSM - Ping Working but NO TCP Connection

When addressing any issues with xlates, the best command to consider is 'show xlate detail | inc '. Try this command for both the source and destination IP address. Compare the output of this command with the expected interfaces for ingress and egress. If you are still not sure which xlate is the problem, you can parse through the 'clear xlate ?' command to clear individual xlates.

Once you determine which xlate is the problem, be sure to investigate all routes, nat/global pairs, and static statements for accuracy.

You can find all FWSM documentation (configuration guides and command references) via the link below:

http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/tsd_products_support_model_home.html
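
The comparison described in the reply above, as an added Python example that is not part of the original thread or of any Cisco tooling: it parses `show xlate detail`-style lines and flags entries whose interface pair differs from the expected ingress/egress path. The line format is assumed from the pre-8.3 PIX/FWSM style, and the sample lines and IP addresses are constructed; `intranet` and `EMS_VLAN` are the interface names mentioned in the thread.

```python
import re

# Constructed sample; the format is an assumption modelled on pre-8.3
# PIX/FWSM `show xlate detail` output, not a capture from the thread.
SAMPLE = """\
3 in use, 5 most used
Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
       r - portmap, s - static
NAT from intranet:10.16.0.10 to EMS_VLAN:10.16.0.10 flags s
TCP PAT from intranet:10.16.0.11/1026 to outside:192.0.2.1/1024 flags ri
NAT from EMS_VLAN:10.24.0.20 to intranet:10.24.0.20 flags s
"""

# One xlate per line: [proto] NAT|PAT from <if>:<ip>[/port] to <if>:<ip>[/port] flags <f>
XLATE_RE = re.compile(
    r"^(?:(?P<proto>TCP|UDP|ICMP) )?(?P<kind>NAT|PAT) from "
    r"(?P<real_if>[^:\s]+):(?P<real_ip>[\d.]+)(?:/(?P<real_port>\d+))? to "
    r"(?P<map_if>[^:\s]+):(?P<map_ip>[\d.]+)(?:/(?P<map_port>\d+))? "
    r"flags (?P<flags>\S+)$"
)


def parse_xlates(text):
    """Return one dict per xlate line; the count and flag-legend lines are skipped."""
    return [m.groupdict() for line in text.splitlines()
            if (m := XLATE_RE.match(line.strip()))]


def check_host(xlates, ip, expected_real_if, expected_map_if):
    """List xlates involving `ip` and mark interface pairs that differ from the expected path."""
    findings = []
    for x in xlates:
        if ip not in (x["real_ip"], x["map_ip"]):
            continue
        pair = (x["real_if"], x["map_if"])
        status = "ok" if pair == (expected_real_if, expected_map_if) else "MISMATCH"
        findings.append((x["real_if"], x["map_if"], x["flags"], status))
    return findings


if __name__ == "__main__":
    table = parse_xlates(SAMPLE)
    # Hypothetical hosts on the intranet side, expected to egress via EMS_VLAN.
    for host in ("10.16.0.10", "10.16.0.11"):
        for finding in check_host(table, host, "intranet", "EMS_VLAN"):
            print(host, *finding)
```

An entry marked MISMATCH is the one to clear individually and then trace back to the route, nat/global pair or static statement that produced it.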
