Re: FWSM - accessing secondary IP on MFSC

pokwan · ‎05-03-2006

Hi,

I have the following scenario that I needed understanding on.

The outside interface of the FWSM is vlan 2

with ip address 10.2.2.2 255.255.255.0

On the the MFSC, vlan 2 is defined as follow with a secondary IP

interface vlan 2

ip address 10.2.2.2 255.255.255.0

ip address 10.6.6.6 255.255.255.0 secondary

Can you explain why on the FWSM 10.6.6.6 is not reachable?

TIA

PF

wong34539 · ‎05-10-2006

Are you trying to configure failover configuration?

Try these links for more details on vlan and troubleshooting

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a0080577c3b.html

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00802010c7.html#wp1154639

matthew.mcbride · ‎05-10-2006

What I have gathered from your configuration example, it appears the FWSM is set up behind the MSFC. Since the outside interface on the FWSM is configured with an IP address of 10.2.2.2/24 then the SVI on the MSFC for the same vlan needs to have a different host address, such as 10.2.2.1/24 for example. There is no way for traffic to reach the MSFC from the FWSM if they both have the same host address. Are you running OSPF between the MSFC and the FWSM or are you using static routes?

Best regards,

-m2

Fernando_Meza · ‎05-10-2006

from the FWSM do a show route | inc 10.6.6. and see whether there is a route for it . !! if there is , then you need to check any access-list applied to the Vlan2 interface of your PIX ..

I hope it helps ... please rate it if it does !!!

guehuber · ‎05-18-2006

hi,

you should fo an extended ping using the 10.6.6.6 as source address. This would work.

Regards