- Posts: 1
- Thank you received: 0
No route Syslog Error Pix 525 Version 7.0
16 years 10 months ago #24082
by Elmi
Replied by Elmi on topic same problem %FWSM-6-110001: No route to 193.197.132.177 fro
Hi Guy,
ich have a FirewallService Modul in a Catalyst 6500 and the same Problem, when I ping any interface of the FW, no answer.
.....
!
interface Vlan8
description Notebook VLAN 8 193.197.137.0
nameif notebook
security-level 0
ip address 193.197.137.253 255.255.255.0
!
interface Vlan15
nameif belwue-wlan
security-level 0
ip address 10.7.4.254 255.255.255.0
!
interface Vlan32
nameif outside
security-level 0
ip address 193.197.136.51 255.255.255.248
!
interface Vlan91
nameif manage
security-level 0
ip address 193.197.134.29 255.255.255.224
!
icmp permit any belwue-wlan
icmp permit any outside
icmp permit any manage
icmp permit any notebook
Ich have clear the config and disable everthing with nat.
I can ping from the firewall everywhere the network, but vise versa nothing, exept the outside interface.
I can post you the whole config if you wish.
Regards
Elmi
ich have a FirewallService Modul in a Catalyst 6500 and the same Problem, when I ping any interface of the FW, no answer.
.....
!
interface Vlan8
description Notebook VLAN 8 193.197.137.0
nameif notebook
security-level 0
ip address 193.197.137.253 255.255.255.0
!
interface Vlan15
nameif belwue-wlan
security-level 0
ip address 10.7.4.254 255.255.255.0
!
interface Vlan32
nameif outside
security-level 0
ip address 193.197.136.51 255.255.255.248
!
interface Vlan91
nameif manage
security-level 0
ip address 193.197.134.29 255.255.255.224
!
icmp permit any belwue-wlan
icmp permit any outside
icmp permit any manage
icmp permit any notebook
Ich have clear the config and disable everthing with nat.
I can ping from the firewall everywhere the network, but vise versa nothing, exept the outside interface.
I can post you the whole config if you wish.
Regards
Elmi
16 years 8 months ago #24557
by ramasamy
Replied by ramasamy on topic Re: No route Syslog Error Pix 525 Version 7.0
Hi Elmi,
You can ping from the Inside network (172.17.23.0/24) to any of the IP address if Ping is allowed.
But you cannot ping from the WAPs zone (172.17.29.0) to any of the higher security level zone. As your pining from IP 172.17.29.1 which is in the WAPs zone and to 172.17.23.0/24 which is in the Inside zone.
If you want to ping you need to do One to One NAT for the IP address in the inside zone or you need to enter the command no nat-control
You also cannot ping from 172.17.29.1 to 172.17.23.30 as both the IP address are assigned to the firewall interfrace, this is the security feature of CISCO firewall. You can ping the interface IP address of the CISCO firewall only from that zone.
You can ping from the Inside network (172.17.23.0/24) to any of the IP address if Ping is allowed.
But you cannot ping from the WAPs zone (172.17.29.0) to any of the higher security level zone. As your pining from IP 172.17.29.1 which is in the WAPs zone and to 172.17.23.0/24 which is in the Inside zone.
If you want to ping you need to do One to One NAT for the IP address in the inside zone or you need to enter the command no nat-control
You also cannot ping from 172.17.29.1 to 172.17.23.30 as both the IP address are assigned to the firewall interfrace, this is the security feature of CISCO firewall. You can ping the interface IP address of the CISCO firewall only from that zone.
Time to create page: 0.140 seconds