Cisco Catalyst 6500 Series Configuration Manual page 326

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Chapter 17: Monitoring and Troubleshooting the Firewall Services Module
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01, page 17-12

Troubleshooting the Firewall Services Module

Symptom: The context configuration was not saved, and was lost when you reloaded.
Possible Cause: You did not save each context within the context execution space. If you are configuring contexts at the command line, you did not save the context before you changed to the next context.
Recommended Action: Save each context within the context execution space using the copy run start command. You cannot save contexts from the system execution space.

Symptom: You cannot make a Telnet connection or SSH to the FWSM interface.
Possible Cause: You did not enable Telnet or SSH to the FWSM.
Recommended Action: Enable Telnet or SSH to the FWSM according to the "Allowing Telnet" section on page 11-1 or the "Allowing SSH" section on page 11-2.

Symptom: You cannot ping the FWSM interface.
Possible Cause: You did not enable ICMP to the FWSM.
Recommended Action: Enable ICMP to the FWSM according to the "Allowing ICMP to and from the FWSM" section on page 11-10.

Symptom: You cannot ping through the FWSM, even though the ACL allows it.
Possible Cause: You did not enable the ICMP inspection engine or apply ACLs on both the source and destination interfaces.
Recommended Action: Because ICMP is a connectionless protocol, the FWSM does not automatically allow returning traffic through. In addition to an ACL on the source interface, you either need to apply an ACL to the destination interface to allow replying traffic, or enable the ICMP inspection engine, which treats ICMP connections as stateful connections.

Symptom: Traffic does not go through the FWSM from a higher security interface to a lower security interface.
Possible Cause: You did not apply an ACL to the higher security interface to allow traffic through. Unlike the PIX firewall, the FWSM does not automatically allow traffic to pass between interfaces.
Recommended Action: Apply an ACL to the source interface to allow traffic through. See the "Adding an Extended Access Control List" section on page 10-13.

Symptom: Traffic does not pass between two interfaces on the same security level.
Possible Cause: You did not enable the feature that allows traffic to pass between interfaces on the same security level.
Recommended Action: Enable this feature according to the "Allowing Communication Between Interfaces on the Same Security Level" section on page 6-8.
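
The "cannot ping through the FWSM" entry above gives two fixes: an ACL on the destination interface, or the ICMP inspection engine. The following is an added example, not from the Cisco guide: a simplified Python model of per-interface inbound ACLs that shows why a source-side ACL alone drops the reply, and how the two fixes differ for an echo-reply that matches no request. The interface names, addresses and the `Firewall` class are assumptions made for illustration and do not reproduce FWSM internals.

```python
# Simplified model (assumption for illustration, not FWSM internals): each
# interface has an inbound ACL listing permitted ICMP types; a packet entering
# an interface is dropped unless the ACL permits it or inspection state matches.
from dataclasses import dataclass, field

ECHO, ECHO_REPLY = "echo", "echo-reply"

@dataclass
class Firewall:
    acl_in: dict                                  # interface -> permitted ICMP types
    icmp_inspection: bool = False
    sessions: set = field(default_factory=set)    # (client, server, icmp_id)

    def forward(self, in_if, src, dst, icmp_type, icmp_id):
        """Return True if a packet arriving on in_if is passed."""
        if icmp_type == ECHO_REPLY and self.icmp_inspection:
            # Stateful path: a reply passes only if it matches a tracked request.
            key = (dst, src, icmp_id)
            if key in self.sessions:
                self.sessions.discard(key)
                return True
        if icmp_type not in self.acl_in.get(in_if, set()):
            return False                          # no permitting ACL entry: dropped
        if icmp_type == ECHO and self.icmp_inspection:
            self.sessions.add((src, dst, icmp_id))
        return True

def ping_through(fw, client="10.1.1.5", server="192.0.2.10"):
    """Echo enters 'inside' (source); the reply enters 'outside' (destination)."""
    request = fw.forward("inside", client, server, ECHO, icmp_id=1)
    reply = request and fw.forward("outside", server, client, ECHO_REPLY, icmp_id=1)
    return request, reply

def unsolicited_reply(fw):
    """An echo-reply arriving on 'outside' that matches no earlier request."""
    return fw.forward("outside", "192.0.2.10", "10.1.1.5", ECHO_REPLY, icmp_id=99)

# Constructed sample configurations for the three cases in the table entry.
CASES = {
    "source ACL only": lambda: Firewall({"inside": {ECHO}}),
    "ACLs on both interfaces": lambda: Firewall({"inside": {ECHO}, "outside": {ECHO_REPLY}}),
    "source ACL + ICMP inspection": lambda: Firewall({"inside": {ECHO}}, icmp_inspection=True),
}

if __name__ == "__main__":
    for name, make in CASES.items():
        print(f"{name}: ping (request, reply) = {ping_through(make())}, "
              f"unsolicited reply passed = {unsolicited_reply(make())}")
```

In this model both fixes let the ping complete, but only the destination-interface ACL also passes an echo-reply that no request asked for, which is worth weighing when choosing between them.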
