New Member

FWSM Stops Forwarding .. corrupting XLATES?

I have a FWSM that separates various segments on the network. For some reason at times connectivity to some hosts stops without any indication why.

I had done some checking and discovered that there seems to be a corrupt XLATE created at times, which results in the FWSM not forwarding traffic properly.

---------------------------

FWSM1# sh xlate detail | incl FS01

> NAT from wan:FS01 to inside:FS01 flags Ii

> NAT from wan:FS01 to wan:FS01 flags Ii

FWSM1#

---------------------------

We have extended OSPF onto the FWSM. What I noticed this morning was that the routing table changed .. probably around the time the fault was reported.

As can be seen in the extract above there is a translation from one interface for FS01 back to the same interface for that same server.

Have tried almost all versions of FWSM code, does not make any difference.

Any Ideas?

Cisco Employee

Re: FWSM Stops Forwarding .. corrupting XLATES?

Pls. issue "sh run same"

remove "same-security-traffic permit intra-interface"

This will stop these incorrect X-lates from getting created.

Hopefully you do not need that line. You only need that line if you have a need to U-Turn traffic out the same interface where the packet was received on.
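
An added example, not part of the original thread and not Cisco tooling: a Python check that parses `sh xlate detail` output in the line format shown in the post, flags translations whose from-interface and to-interface are the same, and tests `sh run same` output for the command named in the reply. The sample input is constructed from the post's two xlate lines; the function names and the sample config text are assumptions.

```python
import re

# Matches the line format shown in the thread:
#   NAT from wan:FS01 to inside:FS01 flags Ii
XLATE_RE = re.compile(
    r"NAT from (?P<src_if>[^\s:]+):(?P<src>\S+) "
    r"to (?P<dst_if>[^\s:]+):(?P<dst>\S+) flags (?P<flags>\S+)"
)
INTRA_IF_CMD = "same-security-traffic permit intra-interface"


def parse_xlates(text):
    """Return one dict per NAT line; prompts, '>' prefixes and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = XLATE_RE.search(line)
        if m:
            entries.append(m.groupdict())
    return entries


def same_interface_xlates(text):
    """Xlates whose from-interface and to-interface are identical (U-turn case)."""
    return [e for e in parse_xlates(text) if e["src_if"] == e["dst_if"]]


def intra_interface_enabled(config_text):
    """True if the command appears, un-negated, in 'sh run same' output."""
    return any(line.strip() == INTRA_IF_CMD for line in config_text.splitlines())


# Constructed sample input: the two xlate lines from the post, plus
# hypothetical 'sh run same' output with the command enabled.
SAMPLE_XLATE = """\
FWSM1# sh xlate detail | incl FS01
> NAT from wan:FS01 to inside:FS01 flags Ii
> NAT from wan:FS01 to wan:FS01 flags Ii
FWSM1#
"""
SAMPLE_CONFIG = "same-security-traffic permit intra-interface\n"

if __name__ == "__main__":
    for e in same_interface_xlates(SAMPLE_XLATE):
        print(f"same-interface xlate: {e['src_if']}:{e['src']} -> "
              f"{e['dst_if']}:{e['dst']} flags {e['flags']}")
    if intra_interface_enabled(SAMPLE_CONFIG):
        print(f"config contains: {INTRA_IF_CMD}")
```

Run against saved output before and after the config change to confirm that the same-interface entries no longer appear.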
