[c-nsp] IPSec (ESP) and FWSM bug ?

Jeff Fitzwater jfitz at Princeton.EDU
Mon Feb 22 12:00:32 EST 2010

I have 6500 running SXI3 with FWSM running 4.0(6)

FWSM is running in Bridging MODE

The FWSM has 3 bridge groups which are composed of the following vlans...

ISP1 (I1) router vlan 3553 FWSM vlan 4051
ISP2 (I1) router vlan 4000 FWSM vlan 4050
ISP3 (I2) router vlan 4001 FWSM vlan 4052

The vlans 4050-4052 connect to each of the ISPs.

The traffic originates  from within our network and is destined to the I2 ISP.
The router makes the correct lookup for the BEST PATH being out the vlan 4001 (I2).
Vlans 3553,4000,4001 are basically the input streams to the FWSM.
The FWSM for some reason takes the input vlan 4001 traffic that contains IPSec traffic and passes it out the I1 vlan 4051.

The issue is only with IPSec traffic.

Has anybody seen this?

Thanks in advance.

Jeff Fitzwater
OIT Network Systems
Princeton University

More information about the cisco-nsp mailing list