unable to ping FWSM VLAN ip from different vlan in the same FWSM

musthafa786 · ‎10-02-2013

I am unable to ping the interface IP from any other vlan interfaces attached to FWSM.

for eg: fwsm vlan 10

nameif DMZ1

ip 10.20.20.1/24 I have host in vlan 10 , that ip is 10.20.20.100

vlan 50

nameif inside

ip 10.100.100.1/24

my laptop is connected to one network , I can ping 10.20.20.100/24 which is a server ip and the default gatewsy is 10.20.20.1, I can not ping 10.20.20.1 what should be the reason?

Can anyone help me on this ?

Anas Hijjawi · ‎10-03-2013

Hi Mohammed,

Have you created access-list to allow traffic between the vlans? because once you name the vlan "inside" it will get a security-level 100, which will by default block everything from outside or from lower security-levels

Thanks, Anas *--* Please rate the useful post,its free ;) *--*

Jouni Forss · ‎10-03-2013

Hi,

I am wondering where you are pinging the IP 10.20.20.1 from? Is it from the host 10.20.20.100?

If that is not working then add

icmp permit any DMZ1

Though to my understanding ICMP should work to the interfaces by default.

If you are trying to ping 10.20.20.1 from the network 10.100.100.0/24 then this wont work to my understanding. Cisco firewalls wont let you ping an interface IP address from behind another interface on the same firewall.

- Jouni