Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

switch to firewall communication issues

I have a cat 4006 connected to a PIX 525 on the DMZ interface. the PIX is running IOS vers 6.1. The 4000 is running cat os 5.5.(10) at layer 2 and IOS version 12.0(14)W5(20) on the router card (WS-X4232-L3). For the past three days I've been noticing a strange behaviour. All networks reachable through the DMZ interface of the PIX go down. When I log in the switch and then session into the routing module I cannot ping the firewall interface on the DMZ side. From the firewall, I also cannot ping the router interface of the switch. The two devices are in the same vlan. In the arp table of the cat, I see the mac address of the firewall, but the firewall does not have an entry for the

router's mac. From the router, I can ping the standby firewall. From the primary firewall I can also ping the standby. After I do "clear arp" everything starts working fine till it happens again. When the problem occurs, I notice that I can reach any other device residing on the same IP segment as the DMZ interface of the firewal. The only device I cannot reach is the router interface on the DMZ ip segment. I've already eliminated issues such as bad cables, loops and duplicate ip addresses. I also tested the intervlan communication integrity of the switch when the outage occurs. Everything checked out ok. Does anyone have an idea what this could be? At this point I believe the problem has to do with

Thanks for your input.

1 REPLY
Bronze

Re: switch to firewall communication issues

You can try disabling VTP pruning on the switch and see if that solves the problem.

132
Views
0
Helpful
1
Replies