Cisco Support Community

New Member

Routing on FWSM

     I have the following setup (FWSM in a Cisco 7609).

     Both FWSM interfaces are in security level 0.

     The following commands are there too:

     "same-security-traffic permit inter-interface"

      "route if_outside 0.0.0.0 0.0.0.0 10.1.90.5"

Picture1.png

     I am unable to understand which firewall rule is producing the following result:

    From MSFC:

  • ping 10.1.90.4 ---> OK
  • ping 10.1.90.12 ----> OK
  • ping 10.1.90.4 source loopback 0  ---> OK
  • ping 10.1.90.12 source loopback 0  ---> NO Reply (Why?) 
    • and the ASDM message "No route to 202.92.25.254 from 10.1.90.12"

Then I added the route:

     "route if_inside 202.92.25.254 255.255.255.255 10.1.90.14"

  So,

  • ping 10.1.90.12 source loopback 0  ---> OK

Could anyone help me understand why the default route was not used?

1 REPLY
Super Bronze

Routing on FWSM

Pinging across the FWSM interfaces is not supported. You won't be able to ping the inside interface of the FWSM when the ping is coming from the outside interface.

You can only ping the interface where the traffic is coming from, i.e., if it's routing via the Outside interface, you can only ping the Outside interface, not the Inside interface, and vice versa: if it's routing via the Inside interface, you can only ping the Inside interface, not the Outside.

So from your test above, after adding route:

route if_inside 202.92.25.254 255.255.255.255 10.1.90.14

--> you can only ping 10.1.90.12 sourcing from loopback0, and you won't be able to ping 10.1.90.4 anymore once the above route is added.
