New Member

Deny inbound (no xlate)

I have a problem with an FWSM on a 6509. I am on vlan1 and I want to ping a PC on vlan2. I find this error:

Deny inbound (No xlate) icmp src Vlan2:x.x.x.x dst Vlan2:y.y.y.y (type 8, code 0)

If I ping another PC on the vlan2 I don't have any problem. I know this error occurs because the FWSM doesn't permit traffic when src and dst are on the same vlan. My question is: why does the firewall see my PC on vlan2 even if my PC is on vlan1?

There is a NAT exemption rule from vlan1 to vlan2.

Thanks!

1 REPLY
Silver

Re: Deny inbound (no xlate)

I think type 8 code 0 is caused by the Nachi worm.

Better try this ACL in your device.

access-list acl-in deny tcp any any eq 4444

access-list acl-in deny tcp any any eq 135

access-list acl-in deny udp any any eq 135

access-list acl-in deny udp any any eq 69

access-list acl-in deny icmp any any

access-list acl-in permit ip any any

access-group acl-in in interface inside
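
Added example, not part of the thread and not Cisco code: a small Python parser for the "Deny inbound (No xlate)" message quoted in the question. It flags the denies where the firewall has placed source and destination on the same interface. The function names and sample log lines are constructed for illustration, and the TCP/UDP form with `/port` after each address is an assumption about how non-ICMP variants of the message look.

```python
import re
from collections import Counter

# Matches the message body shown in the question, e.g.
#   Deny inbound (No xlate) icmp src Vlan2:x.x.x.x dst Vlan2:y.y.y.y (type 8, code 0)
# Assumption: TCP/UDP variants carry "/port" after each address instead of the ICMP suffix.
NO_XLATE = re.compile(
    r"Deny inbound \(No xlate\) (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[^\s/]+)(?:/(?P<src_port>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^\s/]+)(?:/(?P<dst_port>\d+))?"
    r"(?: \(type (?P<icmp_type>\d+), code (?P<icmp_code>\d+)\))?"
)

def parse_no_xlate(line):
    """Return the fields of a 'No xlate' deny as a dict, or None for any other line."""
    m = NO_XLATE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    # The condition discussed in the thread: both ends seen on one interface.
    rec["same_interface"] = rec["src_if"].lower() == rec["dst_if"].lower()
    return rec

def summarize(lines):
    """Count same-interface denies per (interface, source, destination)."""
    hits = Counter()
    for line in lines:
        rec = parse_no_xlate(line)
        if rec and rec["same_interface"]:
            hits[(rec["src_if"], rec["src_ip"], rec["dst_ip"])] += 1
    return hits

# Constructed sample lines (documentation addresses, not taken from the thread).
SAMPLE = [
    "Deny inbound (No xlate) icmp src Vlan2:192.0.2.10 dst Vlan2:192.0.2.20 (type 8, code 0)",
    "Deny inbound (No xlate) icmp src Vlan2:192.0.2.10 dst Vlan2:192.0.2.20 (type 8, code 0)",
    "Deny inbound (No xlate) tcp src Vlan1:198.51.100.5/40112 dst Vlan2:192.0.2.20/135",
    "unrelated line that the parser should ignore",
]

if __name__ == "__main__":
    for (ifname, src, dst), count in summarize(SAMPLE).items():
        print(f"{count} same-interface denies on {ifname}: {src} -> {dst}")
```
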
