RE: Off-Topic: FWSM Question

From: Ramcharan, Vijay A (vijay.ramcharan@verizonbusiness.com)
Date: Thu Mar 13 2008 - 17:28:23 ARST


Check the routing table on the hosts in question. One or more may have
misconfigured masks and may be sending the traffic to the firewall just
because they don't know how to get to the destination and may simply be
using the FWSM interface as their default gateway.

There are other cases where this may not be true such as in certain
bootp situations where the host simply has no concept of "directly
connected" and merrily forwards traffic to a default gateway if one is
configured even though the destination IP it's trying to reach is on the
same subnet.

Vijay Ramcharan

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
groupstudy email
Sent: March 13, 2008 14:03
To: ccielab@groupstudy.com
Subject: Off-Topic: FWSM Question

Hello,

I am working on a strange issue with my FWSM that perhaps someone in the
group can help me with.

I have two VLANs configured:

vlan 4 outside
vlan 5 inside

I noticed in my log that traffic between devices in VLAN 4 (outside) is
being blocked by the FW. The FW seems to think that this traffic is
destined to the inside interface. That's one issue. Another issue is the
fact it should never even hit the FW as the devices are on the same subnet.
Here is a snippet from the log:

Mar 13 2008 04:03:38 FWSMcontext : %FWSM-4-106023: Deny tcp src outside:10.10.10.34/1155 dst inside:10.10.10.45/139 by access-group "outside-in" [0x0, 0x0]

My questions are:

1. Does all traffic flow through the FW even if it is on the same subnet?
2. If so, why does the FW believe the destination is on the inside segment?

Looks like a bug but I am not sure.

Any help would be greatly appreciated.

Thanks,
S. Rick
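As an added illustration (not code from either poster), the two checks the thread turns on in Python: whether a host with a given mask treats a destination as directly connected, as Vijay suggests verifying, and a scan of FWSM 106023 deny messages for the symptom Rick reports, namely src and dst both inside the same subnet. The log lines are constructed from the one quoted above, and the intended 10.10.10.0/24 and the narrow 255.255.255.248 mask are assumptions for the example.

```python
import ipaddress
import re

# Constructed sample log: the deny from the thread plus an ordinary cross-subnet deny.
LOG_LINES = [
    'Mar 13 2008 04:03:38 FWSMcontext : %FWSM-4-106023: Deny tcp src outside:10.10.10.34/1155 '
    'dst inside:10.10.10.45/139 by access-group "outside-in" [0x0, 0x0]',
    'Mar 13 2008 04:04:01 FWSMcontext : %FWSM-4-106023: Deny tcp src outside:10.10.10.34/1160 '
    'dst inside:192.168.5.20/445 by access-group "outside-in" [0x0, 0x0]',
]

# Fields of a %FWSM-4-106023 message: protocol, interface:ip/port for src and dst.
DENY_RE = re.compile(
    r'%FWSM-4-106023: Deny (?P<proto>\w+) src (?P<src_if>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+)'
)


def parse_deny(line):
    """Return the 106023 fields as a dict, or None if the line is not a 106023 deny."""
    m = DENY_RE.search(line)
    return m.groupdict() if m else None


def is_on_link(host_ip, host_mask, dst_ip):
    """Would a host configured host_ip/host_mask ARP for dst_ip directly, or send it to its gateway?

    A mask narrower than the real subnet makes same-subnet peers look remote, which is exactly
    how such traffic ends up at the FWSM interface acting as default gateway.
    """
    iface = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    return ipaddress.ip_address(dst_ip) in iface.network


def same_subnet_denies(lines, intended_prefix):
    """Deny records whose src and dst both fall in the intended subnet: traffic that should
    never have reached the firewall, so a host mask or gateway setting is worth checking."""
    net = ipaddress.ip_network(intended_prefix)
    hits = []
    for line in lines:
        rec = parse_deny(line)
        if rec and ipaddress.ip_address(rec['src']) in net and ipaddress.ip_address(rec['dst']) in net:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in same_subnet_denies(LOG_LINES, "10.10.10.0/24"):
        print(f"same-subnet deny: {rec['src']} -> {rec['dst']}:{rec['dport']} (check mask on {rec['src']})")
```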



This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:53 ART