Firewall Wizards mailing list archives

Problem with Cisco Firewall Service Module running in transparent mode


From: greg padden <paddeng () biostat wisc edu>
Date: Fri, 13 Aug 2004 07:39:08 -0700

I have been attempting to get a Cisco Firewall Service Module (FWSM) running software version 2.2(1) in transparent mode and multiple context mode.

Here is the problem that I am running into:

I have a bunch of vlans already routing on the MSFC2 blade, and I want to move each of these vlans behind their own "virtual" firewall (what Cisco calls a context). So, I first remove this vlan interface from the MSFC2 router, then I assign this vlan to the firewall module, assign a new vlan to the firewall module which will become the new outside vlan, then I session into the firewall module and allocate these two vlans to the new context. I then go into the context and define the firewall rules, then go back to the MSFC2 router and define the new "outside" vlan interface on the router.

After I have done this, "some" hosts on the inside vlan cannot connect to "some" places on the Internet (or other places on the outside of the FWSM). If I take a test PC and give it the same IP address as the troubled machine, I can confirm that they cannot ping, http, or IMAP to some hosts, but if I take a different IP address on the same LAN I can successfully connect to the same outside host (the firewall rules for testing are permit ip any any outbound and inbound, so it is NOT the firewall rules).

I have troubleshot this with Cisco about 3 times now and they cannot figure it out. After a reboot of the entire Catalyst 6500 everything works fine!!!

So here is my complete setup: Catalyst 6509 with dual supII's with dual MSFC2 routers configured in SRM mode, the Cat is running hybrid IOS 7.6.7.

Has anybody else had trouble migrating VLANS from the MSFC2 to a virtual transparent firewall on the FWSM? Or seen this behavior?