Cisco Support Community
New Member

urgent! vlan in FWSM can't connect to outside

Hi all,

I use FWSM in Catalyst 6513. Today, I have an error:

1) Vlans that FWSM manages can't connect to outside (for example: connect to Internet). Other Vlans can connect normally.

2) When I reload FWSM, the above events happen again after 3 - 5 minutes.

If you know, please answer me early because my company needs to connect to outside.

10 REPLIES
New Member

Re: urgent! vlan in FWSM can't connect to outside

It's hard to tell from your configs. But are you configuring the vlans on the 6513? Also, remember that if the FWSM denies all traffic in and out, you have to create a rule to allow outbound traffic from each of your vlans behind the FW. Hope this helps.

New Member

Re: urgent! vlan in FWSM can't connect to outside

Thank you for your answer. But you can provide information to overcome the above problem. If you need more information, please ask me, I will provide.

Hall of Fame Super Blue

Re: urgent! vlan in FWSM can't connect to outside

Hi

Can you provide the config from the switch(es) which is relevant to the FWSM and the config from one of your DMZs that access to the internet is not working for.

Also is the FWSM in

1) routed or transparent

2) multiple or single context

Has any change been made on the switch(es) or FWSM recently?

Jon

New Member

Re: urgent! vlan in FWSM can't connect to outside

Hi,

I send the file "show tech-support" in FWSM, you can look at the file and see the configuration.

I don't change anything in FWSM or Switch recently. I have many vlans such as billing, security, voice but all of vlans can't connect to internet.

Hall of Fame Super Blue

Re: urgent! vlan in FWSM can't connect to outside

Hi

Had a look at the config from the bottom of sh tech-support. Where are the access-lists, did you miss them out when sending the file?

Jon

New Member

Re: urgent! vlan in FWSM can't connect to outside

I don't send them because access-list is no problem. Sometimes vlan that FWSM can't connect to outside, I don't change any access-list, after a short time, I can connect to outside. I think that FWSM has an error.

Before FWSM has an error, I connect to outside normally based on the same access-list.

Hall of Fame Super Blue

Re: urgent! vlan in FWSM can't connect to outside

Hi

Your failover is not currently working according to the show tech-support.

Can you check that you have allocated the same vlans to the FWSM on both switches?

ie the firewall vlan-group "number" "vlans"

the vlans need to be the same on both switches.

Jon

New Member

Re: urgent! vlan in FWSM can't connect to outside

I think that is OK. One week ago, both FWSM act normally but in recent days, FWSM1 can't act. When FWSM1 actives, Catalyst 6513 is suspended and some vlans that FWSM1 manages can't connect to outside. So, I must stop FWSM1.

Hall of Fame Super Blue

Re: urgent! vlan in FWSM can't connect to outside

Hi

Your failover happened on Jan 31 when your problems started. Unless you deliberately failed it over this seems more than coincidence.

Did you check the "firewall vlan-group x vlan list" statements on both your switches?

If you have assigned a vlan to the FWSM on one switch but not the other it will all be fine until it fails over then you will have problems.

I think you need to fix failover and then see if you are still having the same problems.

HTH

Jon
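The check suggested in the reply above (that both switches assign the same VLANs to the FWSM) can be scripted against saved configs. This is an added example, not part of the thread: the two config excerpts are constructed, and the function names `expand`, `fwsm_vlans` and `compare` are hypothetical.

```python
import re

# Constructed sample configs (not from the thread): switch B lacks VLAN 30.
SWITCH_A = """\
firewall multiple-vlan-interfaces
firewall module 3 vlan-group 1,2
firewall vlan-group 1 10,20-22
firewall vlan-group 2 30,100
"""
SWITCH_B = """\
firewall multiple-vlan-interfaces
firewall module 3 vlan-group 1,2
firewall vlan-group 1 10,20-22
firewall vlan-group 2 100
"""

def expand(spec):
    """Expand an IOS-style list such as '10,20-22' into a set of ints."""
    out = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def fwsm_vlans(config):
    """Return {module slot: set of VLANs handed to that firewall module}."""
    groups, modules = {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"firewall vlan-group (\d+) (.+)$", line)
        if m:  # repeated lines for one group are merged
            groups.setdefault(int(m.group(1)), set()).update(expand(m.group(2)))
            continue
        m = re.match(r"firewall module (\d+) vlan-group (.+)$", line)
        if m:
            modules.setdefault(int(m.group(1)), set()).update(expand(m.group(2)))
    return {slot: set().union(*(groups.get(g, set()) for g in gs))
            for slot, gs in modules.items()}

def compare(cfg_a, cfg_b):
    """VLANs assigned to an FWSM on only one switch (slot numbers may differ)."""
    a = set().union(*fwsm_vlans(cfg_a).values())
    b = set().union(*fwsm_vlans(cfg_b).values())
    return {"only_a": sorted(a - b), "only_b": sorted(b - a)}

if __name__ == "__main__":
    print(compare(SWITCH_A, SWITCH_B))
```

Any VLAN reported under `only_a` or `only_b` is one that would lose its firewall path when the active FWSM moves to the other chassis.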

New Member

Re: urgent! vlan in FWSM can't connect to outside

Thanks Jon but I think that the configuration of both firewalls is OK, meaning that both firewalls have the same configuration. The problems happened on Jan 30, and I stop Firewall 1 on Jan 31.
