New Member

Some Clients can not connect through the Firewall (FWSM)

Hello Everybody,

We have some problems with our implemented FWSM. Some clients cannot connect through the firewall. I'll give you an example: the subnet 10.1.4.72/29 is a normal subnet. When I try to reach the router for this VPN subnet, 10.1.4.73, I get an echo reply, but when I try to get a reply from 10.1.4.77 I don't get one, although from the IP phone 10.1.4.75 I do get a reply. On the client 10.1.4.77 the firewall on the PC is deactivated. Our VPN concentrator also reaches the PC 10.1.4.77 through the VPN tunnel. When I try to ping the PC from the ESA4 interface of the FWSM I get "?????" as the reply; when I do the same with the router 10.1.4.73 I get success, "!!!!!". Can you imagine what I mean? Thanks a lot in advance, alexx

We have the FWSM 4.1.7

Is it possible that the FWSM is blocking some addresses? How can I check this? Thanks in advance for any solutions.


Accepted Solutions
Super Bronze

Re: Some Clients can not connect through the Firewall (FWSM)

Hi,

The network mask you give in the original post, /29, at least does not match your actual FWSM route command, which is

route esa4 10.1.4.72 255.255.255.252 cc3kvpn01 1

That route command includes addresses 10.1.4.72 - 75 and the mask is /30

You also have a route command (and a name command)

name 10.1.0.0 VPN-REMOTE

route esa4 VPN-REMOTE 255.255.0.0 10.10.84.254 2

This would mean that if you ping from the FWSM or anywhere else, the ICMP would be sent to some other gateway address. That is, when you are pinging the host address 10.1.4.77, it would be forwarded to a different gateway than for the addresses 10.1.4.73 and .75

Please rate if this information was helpful

- Jouni
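
The route selection described in this answer, as an added example that is not part of the original posts: it parses the three configuration lines quoted above and applies longest-prefix matching to every address in 10.1.4.72/29. The function names are hypothetical, and treating the last field of `route` as a distance that only breaks ties between equal prefixes is an assumption of the example.

```python
import ipaddress

# Configuration lines quoted in the answer above.
CONFIG = """\
name 10.1.0.0 VPN-REMOTE
route esa4 10.1.4.72 255.255.255.252 cc3kvpn01 1
route esa4 VPN-REMOTE 255.255.0.0 10.10.84.254 2
"""


def parse_routes(config):
    """Return [(interface, network, gateway, distance)] from name/route lines."""
    names, routes = {}, []
    lines = [line.split() for line in config.splitlines() if line.strip()]
    for f in lines:                      # first pass: collect name aliases
        if f[0] == "name":
            names[f[2]] = f[1]
    for f in lines:                      # second pass: static routes
        if f[0] == "route":
            dest = names.get(f[2], f[2])  # resolve an alias such as VPN-REMOTE
            # strict=True rejects a destination that is not on the mask boundary
            net = ipaddress.ip_network(f"{dest}/{f[3]}", strict=True)
            routes.append((f[1], net, f[4], int(f[5])))
    return routes


def lookup(routes, host):
    """Longest-prefix match; assumed tie-break: lower distance wins."""
    addr = ipaddress.ip_address(host)
    hits = [r for r in routes if addr in r[1]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[1].prefixlen, -r[3]))


def covered_hosts(routes, subnet):
    """Map every address in `subnet` to the gateway the route table selects."""
    result = {}
    for addr in ipaddress.ip_network(subnet):
        match = lookup(routes, str(addr))
        result[str(addr)] = match[2] if match else None
    return result


if __name__ == "__main__":
    table = parse_routes(CONFIG)
    for host, gateway in covered_hosts(table, "10.1.4.72/29").items():
        print(f"{host:<12} -> {gateway}")
```

Running it lists 10.1.4.72 to .75 against cc3kvpn01 and 10.1.4.76 to .79 against 10.10.84.254, which is the split between the reachable and unreachable hosts in the original post.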

New Member

Re: Some Clients can not connect through the Firewall (FWSM)

Yes, that's right, basic issue: netmask 252, magic number is 4. Oh my god, so fucking simple. Thanks a lot, sometimes you need a second one ;-) Thanks, alexx
