Pinging Fwsm Interfaces - Cisco Catalyst 6500 Series Configuration Manual
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Chapter 17
Monitoring and Troubleshooting the Firewall Services Module
The following example shows a successful ping from an external host (209.165.201.2) to the FWSM
outside interface (209.165.201.1):
FWSM/contexta(config)# debug icmp trace
Inbound ICMP echo reply (len 32 id 1 seq 256) 209.165.201.1 > 209.165.201.2
Outbound ICMP echo request (len 32 id 1 seq 512) 209.165.201.2 > 209.165.201.1
Inbound ICMP echo reply (len 32 id 1 seq 512) 209.165.201.1 > 209.165.201.2
Outbound ICMP echo request (len 32 id 1 seq 768) 209.165.201.2 > 209.165.201.1
Inbound ICMP echo reply (len 32 id 1 seq 768) 209.165.201.1 > 209.165.201.2
Outbound ICMP echo request (len 32 id 1 seq 1024) 209.165.201.2 > 209.165.201.1
Inbound ICMP echo reply (len 32 id 1 seq 1024) 209.165.201.1 > 209.165.201.2
The above example shows the ICMP packet length (32 bytes), the ICMP packet identifier (1), and the
ICMP sequence number (the ICMP sequence number starts at 0 and is incremented each time a request
is sent).
Pinging FWSM Interfaces
To test that the FWSM interfaces are up and running and that the FWSM and connected routers are
routing correctly, you can ping the FWSM interfaces. To ping the FWSM interfaces, follow these steps:
Create a sketch of your single mode FWSM or security context showing the interface names, security
Step 1
levels, and IP addresses. The sketch should also include any directly connected routers, and a host on the
other side of the router from which you will ping the FWSM. You will use this information for this
procedure as well as the procedure in the
Figure
Figure 17-1 Network Sketch with Interfaces, Routers, and Hosts
Host 10.1.1.56
10.1.1.2
Router
192.168.1.2
192.168.1.1
192.168.2.1
192.168.2.2
Router
10.1.2.2
Host
10.1.2.90
OL-6392-01
17-1.)
Host
209.265.200.230
209.265.200.226
Router
209.165.201.2
outside
dmz1
209.165.201.1
security
security20
Routed FWSM
dmz2
inside
192.168.0.1
security40
security100
192.168.0.2
Router
10.1.0.2
10.1.0.34
Host
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
"Pinging Through the FWSM" section on page
Host
10.1.3.6
10.1.3.2
Router
192.168.3.2
dmz3
192.168.3.1
security60
dmz4
192.168.4.1
security80
192.168.4.2
Router
10.1.4.2
Host
10.1.4.67
Troubleshooting the Firewall Services Module
Host
209.165.201.24
209.165.201.1
Router
10.1.0.1
outside
security
Transp. FWSM
10.1.0.3
inside
security100
10.1.0.2
Router
10.1.1.1
Host
10.1.1.5
17-7. (See
17-5
Advertisement
Table of Contents
Troubleshooting
