Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

unable to ping FWSM VLAN ip from different vlan in the same FWSM

I am unable to ping the interface IP from any other vlan interfaces attached to FWSM.

for eg: fwsm vlan 10

                        nameif DMZ1

                         ip  10.20.20.1/24      I have host  in vlan 10 , that ip is 10.20.20.100

                       vlan 50

                         nameif  inside

                         ip  10.100.100.1/24

my laptop is connected to one network , I can ping 10.20.20.100/24  which is a server ip and  the default gatewsy is 10.20.20.1, I can not ping 10.20.20.1 what should be the reason?

Can anyone help me on this ?

  • Firewalling
2 REPLIES
New Member

Re: unable to ping FWSM VLAN ip from different vlan in the same

Hi Mohammed,

Have you created access-list to allow traffic between the vlans? because once you name the vlan "inside" it will get a security-level 100, which will by default block everything from outside or from lower security-levels

Thanks, Anas *--* Please rate the useful post,its free ;) *--*
Super Bronze

unable to ping FWSM VLAN ip from different vlan in the same FWSM

Hi,

I am wondering where you are pinging the IP 10.20.20.1 from? Is it from the host 10.20.20.100?

If that is not working then add

icmp permit any DMZ1

Though to my understanding ICMP should work to the interfaces by default.

If you are trying to ping 10.20.20.1 from the network 10.100.100.0/24 then this wont work to my understanding. Cisco firewalls wont let you ping an interface IP address from behind another interface on the same firewall.

- Jouni

151
Views
0
Helpful
2
Replies