IP Becomes Unreachable through FWSM in VSS

Hi All,

We have two Cisco 6509-E switches configured in VSS. A FWSM is installed in the VSS. Recently we faced a problem where an IP which was configured in a Cyberoam server on the outside of the FWSM stopped responding from inside. We changed the IP to a different one and it started responding. After some days the new IP too stopped responding and we had to change the IP to yet another IP. The version of the FWSM is 4.0.4 while the IOS of VSS is SXI3.

The problem is existing with the two IPs only (currently). We tried configuring the problematic IPs on a machine and connected it to the outside of the FWSM, but the machine was not able to communicate with the inside IP, though it was able to ping the gateway, which is the IP of the outside VLAN in FWSM.

When we try to trace the problematic IPs from the inside VLANs, the trace seems to end with the packet oscillating between the FWSM and the core switch IP.


C:\Users\Administrator>tracert 10.10.139.180

Tracing route to 10.10.139.180 over a maximum of 30 hops

  1     1 ms    <1 ms    <1 ms  10.10.132.2
  2     1 ms     1 ms     1 ms  10.10.139.195
  3     3 ms     5 ms     2 ms  10.10.139.195
  4     4 ms     4 ms     5 ms  10.10.139.195
  5     4 ms     3 ms     3 ms  10.10.139.195
  6     5 ms     7 ms    11 ms  10.10.139.195


10.10.139.195 is the IP of the VLAN in the core switch which communicates with the FWSM inside IP (10.10.139.193). The default route in the switch is 10.10.139.193.

We have tried rebooting the FWSM, but still the problem exists.

Has anyone faced a similar problem? Please respond.


praprama
Cisco Employee

Hi Manohar,

Please attach a brief topology with some IP addresses as well for better understanding of the problem.

Based on my understanding until now, there is some kind of looping in the network. What IP address is this 10.10.139.180, 10.10.132.2? What is the IP address of the machine on the Inside from where you are trying to access the servers?

Please paste the output of "show xlate det | in <Problematic_IP>" for both the problematic IPs.

Regards,

Prapanch
