Weird ping

Marian Hercek · ‎02-27-2012

Let's consider this situation:

- 6500 handling LAN <-> LAN traffic

- FSWM handling LAN <-> WAN traffic

FWSM has outside interface IP address 1.2.3.4 (mask 255.255.255.0)

There is a server with IP address 1.2.3.100 (mask is same 255.255.255.0)

There are another servers with IP adresses 1.2.3.50 and 1.2.3.150 (mask 255.255.255.0).

There is a LAN client, 10.10.10.10 (mask 255.255.255.0)

The problem is, I cannot ping 1.2.3.100 from 10.10.10.10, but can 1.2.3.50 and 1.2.3.150.

- there's proper configuration for 6500 to handle traffic from 10.10.10.10 to 1.2.3.0/255.255.255.0

- server 1.2.3.100 has no firewall and I am sure the server is properly configured for network communication

- there's correct MAC address in FWSM ARP cache

- I see log records in FWSM Logging window only when I am not able to ping 1.2.3.100

- I can ping 1.2.3.100 from 10.10.10.10 after dozens of pings

- there're not log records in FWSM Logging window when I am able to ping 1.2.3.100

Ton V Engelen · ‎02-28-2012

Hi,

did you reload the fwsm after configuration?

I have seen the fwsm route half subnets ( What?? Yes! ) which can happen as for instance a new l3 interface.is setup on the fwsm

Only after reloading the fwsm the whole subnet was routed correctly again.

Hope it helps

Marian Hercek · ‎02-29-2012

This is not the case.

Reload didn't help.

Ton V Engelen · ‎03-01-2012

Hi,

can you ping the server from the firewall outside interface? Does that work?

Marian Hercek · ‎03-01-2012

Yeah, it does.

Ton V Engelen · ‎03-01-2012

Ok,. so from the outside interface there seems to be no problem.

Looks like the problem is between the client and the outside interface.

You say that you can ping from 10.10.10.10 after dozens of other pings (that fail i presume)

- are there any issues with nat translations?

- a filtering rule that is overlooked?

- which firmware is on the fwsm / 6500