We have two Cisco 6509-E switches configured in VSS. A FWSM is installed in the VSS. Recently we faced a problem where an IP which was configured in a Cyberoam server on the outside of the FWSM stopped responding from inside. We changed the IP to a different one and it started responding. After some days the new IP too stopped responding and we had to change the IP to yet another IP. The version of the FWSM is 4.0.4 while the IOS of VSS is SXI3.
The problem exists with the two IPs only (currently). We tried configuring the problematic IPs on a machine and connected it to the outside of the FWSM, but the machine was not able to communicate with the inside IP, though it was able to ping the gateway, which is the IP of the outside VLAN in FWSM.
When we try to trace the problematic IPs from the inside VLANs, the trace seems to end with the packet oscillating between the FWSM and the core switch IP.
Tracing route to 10.10.139.180 over a maximum of 30 hops
  1     1 ms    <1 ms    <1 ms  10.10.132.2
  2     1 ms     1 ms     1 ms  10.10.139.195
  3     3 ms     5 ms     2 ms  10.10.139.195
  4     4 ms     4 ms     5 ms  10.10.139.195
  5     4 ms     3 ms     3 ms  10.10.139.195
  6     5 ms     7 ms    11 ms  10.10.139.195
10.10.139.195 is the IP of the VLAN in the core switch which communicates with the FWSM inside IP (10.10.139.193). The default route in the switch is 10.10.139.193.
We have tried rebooting the FWSM, but still the problem exists.
Has anyone faced a similar problem? Please respond.
Please attach a brief topology with some IP addresses as well for better understanding of the problem.
Based on my understanding until now, there is some kind of looping in the network. What IP address is this 10.10.139.180, 10.10.132.2? What is the IP address of the machine on the Inside from where you are trying to access the servers?
Please paste the output of "show xlate det | in <Problematic_IP>" for both the problematic IPs.