
Issue with the Logs in FWSM

We deployed an FWSM around 3 months ago.

We are still in the process of transferring our server VLANs from the MSFC to the FWSM.

Just yesterday I saw a very unusual log entry in the FWSM. I hope I can explain it to you.

We have one zone inside the FWSM for the Symantec servers (10.0.71.0/24); the zone name is NW-servers.

We have one subnet which is on the MSFC, or in simple terms on the outside interface of the FWSM (10.0.4.0/24).

I applied the following rule:

Anything from 10.0.4.0/24 should be allowed to NW-Servers (10.0.71.0/24). (Please note that it is an outgoing rule.)

FWSM Rule.png

But when I enabled logging on that specific rule, I found the logs below:

FWSM Log.png

Now the strange thing is: why am I seeing 10.0.4.26 as the destination in the log, when the rule itself is not configured like that?

We also noted that the packet is ICMP using port 3.

Just for your information, 10.0.4.26 is a VMware ESX host and it is using our SAN storage.

I hope I have explained it to you guys well.

Can any expert help me out with it?

Thanks

Regards,

Yasir

5 REPLIES

Issue with the Logs in FWSM

Any help please.


Issue with the Logs in FWSM

ICMP type 3 messages are generated by a router when a destination is unreachable.

Your servers try to connect to internet servers directly, but that may be impossible because of the network configuration.

Issue with the Logs in FWSM

Thanks for the reply Andrey.

I know ICMP type 3 is a destination unreachable message, but it shouldn't be coming under this specific rule, because my rule is only for traffic originating from 10.0.4.0/23 and going to 10.0.71.0/24, yet the logs are giving me some different, strange output.

I think ASDM is not filtering it well; it might be a bug.
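Andrey's point above (ICMP type 3 is destination unreachable) and Yasir's complaint (the logged flow does not fit the 10.0.4.0/24 to 10.0.71.0/24 rule) are easier to check against raw syslog than against the ASDM log viewer. The script below is an added example, not something posted in this thread: it parses %FWSM-6-106100 access-list hit messages, decodes the ICMP type and code, and says for each hit whether it matches the intended rule, is the reverse direction of it, or is unrelated. The log lines are constructed for the example (the poster's actual log text is only in the screenshot), the ACL name NW-servers_access_out is made up, and it assumes that for ICMP hits the FWSM puts the ICMP type in the source "port" position and the ICMP code in the destination "port" position of a 106100 message, which is how the poster ends up seeing "port 3".

```python
"""Triage FWSM/ASA %FWSM-6-106100 access-list hit messages.

Added example, not from the forum thread. Assumption: for ICMP entries the
number in parentheses after the source address is the ICMP type and the one
after the destination address is the ICMP code. The ACL name and the sample
lines below are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LOG_RE = re.compile(
    r"%FWSM-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\w+) "
    r"(?P<sif>[\w-]+)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>[\w-]+)/(?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}
ICMP_UNREACH_CODES = {0: "net", 1: "host", 2: "protocol", 3: "port",
                      4: "fragmentation-needed", 13: "admin-prohibited"}

# Constructed sample lines in the shape of 106100 messages (not the poster's logs).
SAMPLE_LINES = [
    "%FWSM-6-106100: access-list NW-servers_access_out permitted tcp "
    "outside/10.0.4.26(49152) -> NW-servers/10.0.71.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]",
    "%FWSM-6-106100: access-list NW-servers_access_out permitted icmp "
    "NW-servers/10.0.71.10(3) -> outside/10.0.4.26(3) hit-cnt 1 first hit [0x5e6f7a8b, 0x0]",
    "%FWSM-6-106100: access-list NW-servers_access_out permitted icmp "
    "outside/10.0.4.26(8) -> NW-servers/10.0.71.10(0) hit-cnt 1 first hit [0x9c0d1e2f, 0x0]",
]


@dataclass
class Hit:
    acl: str
    action: str
    proto: str
    src_if: str
    src: ipaddress.IPv4Address
    sport: int          # ICMP type when proto == "icmp"
    dst_if: str
    dst: ipaddress.IPv4Address
    dport: int          # ICMP code when proto == "icmp"


def parse_106100(line: str) -> Optional[Hit]:
    """Return a Hit for a 106100 line, or None if the line is something else."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return Hit(m["acl"], m["action"], m["proto"].lower(), m["sif"],
               ipaddress.IPv4Address(m["src"]), int(m["sport"]),
               m["dif"], ipaddress.IPv4Address(m["dst"]), int(m["dport"]))


def describe_icmp(hit: Hit) -> Optional[str]:
    """Human-readable ICMP type (and unreachable code) for an ICMP hit."""
    if hit.proto != "icmp":
        return None
    name = ICMP_TYPES.get(hit.sport, f"type-{hit.sport}")
    if hit.sport == 3:
        name += "/" + ICMP_UNREACH_CODES.get(hit.dport, f"code-{hit.dport}")
    return name


def verdict(hit: Hit, src_net: ipaddress.IPv4Network,
            dst_net: ipaddress.IPv4Network) -> str:
    """Classify a hit against the intended rule src_net -> dst_net."""
    if hit.src in src_net and hit.dst in dst_net:
        return "matches-rule"
    if hit.src in dst_net and hit.dst in src_net:
        return "reverse-direction"
    return "off-rule"


def triage(lines: List[str], src_cidr: str, dst_cidr: str) -> List[Dict[str, Optional[str]]]:
    """Parse each line and report direction and ICMP meaning per hit."""
    src_net = ipaddress.IPv4Network(src_cidr)
    dst_net = ipaddress.IPv4Network(dst_cidr)
    report = []
    for line in lines:
        hit = parse_106100(line)
        if hit is None:
            continue
        report.append({"src": str(hit.src), "dst": str(hit.dst), "proto": hit.proto,
                       "icmp": describe_icmp(hit),
                       "verdict": verdict(hit, src_net, dst_net)})
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LINES, "10.0.4.0/24", "10.0.71.0/24"):
        print(row)
```

Run against the constructed lines, the second entry comes out as an ICMP destination-unreachable/port message from 10.0.71.10 to 10.0.4.26 with verdict reverse-direction, which is exactly the shape of what the poster describes: a hit counted under the outbound rule whose source and destination are swapped relative to it. Feeding the real `show logging` output through `triage()` instead of the ASDM viewer separates "ASDM filter bug" from "the ACL really is being hit by return ICMP".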


Issue with the Logs in FWSM

Could you show your access-list on the OUTSIDE interface and your NAT rules?

Issue with the Logs in FWSM

We have an any-any rule on the outside interface because we are still preparing the policy after checking the logs.

Actually this FWSM is in the data center core and we deployed it recently.

We also have no NAT enabled on the FWSM.
