all my user vlans are on the core it self , but the servers vlans are on the fwsm, when 2 servers are in the same vlan they can work perfectly , but there is a delay and sometimes packet drops when a server on vlan try to communicate with other server in other vlan,
my access lists is permit ip any any so all the tracffic sould pass normally between them ,
for example when im on a server in vlan 100 and remote desktop on other server in the same vlan it took less than a sec and im on the other server.
but when a server on vlan 100 remote desktop on server on vlan 99 it may took up tp 30 sec or so to connect and also when the 2 servers in differ vlans try to gett data from eachother sometimes it took time sometimes it gives error as it cant be reached and will try to connect again.
pinging is working fine no problem.
fwsm is router not trasparent.
Servers are microsoft mail server and domain controller server.
If i make it transparent will it solve this problem ?
and if i issue the command firewall transparent should i need a downtime , or everything will work normally ??
Im not good with Security so help and if you need any more info let me know.
Changing your Cisco FWSM mode to transparent isn't the best way forward. You don't want to solve one problem and create 100 more problems. This is because Cisco FWSM in transparent mode has its' limitations.
This issue could be due to many reasons e.g. software bug on either Cat6K or FWSM, hardware performance such as high CPU/Memory utilization and LAN issues such as ARP, port speed/duplex etc.
Ramraj Sivagnanam Sivajanam
Technical Specialist/Service Delivery Manager – Managed Service Department
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...