From: Scott Voll (svoll.voip@gmail.com)
Date: Thu Mar 13 2008 - 18:00:30 ARST
is sysopt proxyarp enabled?
Scott
On Thu, Mar 13, 2008 at 12:02 PM, groupstudy email <groupstudy@gmail.com>
wrote:
> Hello,
>
> I am working on a strange issue with my FWSM perhaps someone in the group
> can help me with.
>
> I have two VLANs configured:
>
> vlan 4 outside
> vlan 5 inside
>
> I noticed in my log that traffic between devices in VLAN 4 (outside) is
> being blocked by the FW. The FW seems to think that this traffic is
> destined to the inside interface. That's one issue. Another issue is the
> fact it should never even hit the FW as the devices are on the same
> subnet.
> Here is a snippet from the log:
>
> Mar 13 2008 04:03:38 FWSMcontext : %FWSM-4-106023: Deny tcp src outside:
> 10.10.10.34/1155 dst inside:10.10.10.45/139 by access-group "outside-in"
> [0x0, 0x0]
>
> My question are:
>
> 1. Does all traffic flow through the FW even if it is on the same subnet?
> 2. If so, why does the FW believe the destination is on the inside
> segment?
>
> Looks like a bug but I am not sure.
>
> Any help would be greatly appreciated.
>
> Thanks,
> S. Rick
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:53 ART