Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

IP Becomes Unreachable through FWSM in VSS

Hi All,

We have two Cisco 6509-E  switches configured in VSS. A FWSM is installed in the VSS. Recently we faced a problem that  an IP which was configured in a Cyberoam server on the outside of the FWSM, stopped responding from inside. We changed the IP to a different one and it started responding. After some days the new IP too stopped responding and we had to change the IP to yet another IP. The version of the FWSM is 4.0.4 while the IOS of VSS is SXI3.

The problem is existing with the two IPs only (currently). We tried configuring the problematic IPs on a machine and connected it to the outside of the FWSM, but the machine was not able to communicate with the inside IP, though it was able to ping the gateway, which is the IP of the outside VLAN in FWSM.

When we try to trace the problematic IPs from the inside VLANs, the trace seems to end on packet oscillate between FWSM and Core switch IP.


C:\Users\Administrator>tracert 10.10.139.180

Tracing route to 10.10.139.180 over a maximum of 30 hops

  1     1 ms    <1 ms    <1 ms  10.10.132.2
  2     1 ms     1 ms     1 ms  10.10.139.195
  3     3 ms     5 ms     2 ms  10.10.139.195
  4     4 ms     4 ms     5 ms  10.10.139.195
  5     4 ms     3 ms     3 ms  10.10.139.195
  6     5 ms     7 ms    11 ms  10.10.139.195


10.10.139.195 is the IP of the vlan in core switch which communicates with the FWSM inside IP (10.10.139.193). The default route in switch 10.10.139.193.

We have tried rebooting the FWSM, but still the problem exists.

Has anyone faced a similare problem. Please respond.

1 REPLY
Cisco Employee

Re: IP Becomes Unreachable through FWSM in VSS

Hi Manohar,

Please attach a brief topology with some IP addresses as well for better understanding of the problem.

Based on my understanding until now, there is some kind of loooping in the network. What IP address is this 10.10.139.180, 10.10.132.2? What is the IP address of the machine on the Inside from where you are trying to access the servers?

Please paste the output of "show xlate det | in <Problematic_IP>" for both the problematic IPs.

Regards,

Prapanch

283
Views
0
Helpful
1
Replies