[c-nsp] routing through fwsm

matthew zeier mrz at velvet.org
Sun Mar 4 18:56:02 EST 2007


Is there a trick to routing through a FWSM to non-directly connected networks?

My network looks like:

db-network (10.2.70.0/24)
   |
fwsm
   |
sj-nms-network (10.2.10.0/23) -- sj-vpn (10.2.10.12) == nl-vpn

On the other side of the vpn is 10.4.0.0/16 (nl).  The vpn box there has 
directly connected interfaces to the other networks.

Routing between the two nms networks works.  Routing between the sj-nms network and 
the networks behind the nl-vpn works.  Where I'm stuck is getting the fwsm to route.

I have a route defined.  If I try to connect from 10.4.70.20 to 10.2.70.103, 
the fwsm logs :

Mar  3 16:22:58 fwsm1 %FWSM-3-106010: Deny inbound tcp src nms:10.4.70.20/32770 dst db:10.2.70.103/22

but not against a specific ACL. If I go the other way around, I don't get any 
errors and tcpdump on sj-vpn doesn't show any traffic either.

Any ideas?
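For reference, below are the pieces an FWSM needs before it will forward a flow like the one logged above, arriving on a lower-security interface (here nms) and bound for a higher-security one (here db), to or from a network that is not directly connected. This is an added example, not the poster's configuration and not a diagnosis of it: the interface names nms and db come from the log line, the prefixes and the 10.2.10.12 next hop come from the diagram, and the ACL name, the relative security levels and the port 22 match are assumptions. A %FWSM-3-106010 that does not name an access-group is the implicit lower-to-higher deny (an explicit ACL deny is reported as %FWSM-4-106023 with the access-group name), so the first thing to confirm is that the ACL applied inbound on nms covers the remote 10.4.0.0/16 source and not only the directly connected 10.2.10.0/23.

```cisco
! Assumed: db is the higher security-level interface, nms the lower one.
!
! Return path for the remote site. 10.4.0.0/16 is reachable only through
! sj-vpn (10.2.10.12), which sits on the nms side of the FWSM; without this
! route the FWSM has no interface to send db -> 10.4.x.x traffic out of.
route nms 10.4.0.0 255.255.0.0 10.2.10.12 1
!
! The FWSM requires a translation for traffic crossing interfaces (nat-control).
! An identity static lets db hosts keep their real addresses toward nms.
static (db,nms) 10.2.70.0 10.2.70.0 netmask 255.255.255.0
!
! Traffic from a lower to a higher security interface is denied unless an ACL
! permits it. The source must be the remote subnet, not just the local one.
! "nms_in" is an assumed ACL name; "eq 22" matches the logged destination port.
access-list nms_in extended permit tcp 10.4.70.0 255.255.255.0 10.2.70.0 255.255.255.0 eq 22
access-group nms_in in interface nms
```

To see which of the three is missing, compare the hit counts in `show access-list nms_in` against new connection attempts, confirm the 10.4.0.0/16 entry appears in `show route` with nms as its interface, and check `show xlate` for a translation of the db host after a connection attempt from the db side; if the route is absent, the db-to-nl direction produces no log and no packets on sj-vpn, which matches a silent drop rather than a policy deny.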
