FWSM 3.1(3)

Unanswered Question
Jun 19th, 2007

Trying to pass traffic through a FWSM and I don't seem to be getting anywhere. If someone knows how to, that would help a lot. Sample config below.

System Config >>

context Lab
  allocate-interface vlan101
  allocate-interface vlan201
  config-url dis:/admin.cfg
  member default

Context Lab

firewall transparent
interface vlan101
  nameif outside
  security-level 0
  bridge-group 1
interface vlan201
  nameif inside
  security-level 100
  bridge-group 1
interface bvi 1
  ip address / 24

Have a routed interface on vlan 201 connecting to port 1/5 and a routed interface on vlan 101 connecting to port 1/10 on the switch. Trying to PING from the FWSM to vlan 201 & vlan 101. I get no replies for both PINGs. Please advise.


carenas123 Mon, 06/25/2007 - 11:45

In routed mode, some types of traffic cannot pass through the FWSM even if you allow it in an access list. The transparent firewall, however, can pass most types of traffic through using either an extended access list (for IP traffic) or an EtherType access list (for non-IP traffic).

The transparent mode FWSM does not pass CDP packets, or any packets that do not have a valid EtherType greater than or equal to 0x600. For example, you cannot pass IS-IS packets. An exception is made for BPDUs, which are supported.
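
The rule quoted in the reply above, applied to raw Ethernet frames. This is an added example, not part of the original thread and not Cisco code: it models only what the reply states, treats only IPv4 (0x0800) as IP traffic, and the function names, verdict strings and sample frames are constructed for illustration.

```python
import struct

# Well-known link-layer constants (public IEEE/Cisco values, not from the post).
STP_DST = bytes.fromhex("0180c2000000")       # 802.1D BPDU destination MAC
CDP_DST = bytes.fromhex("01000ccccccc")       # CDP destination MAC
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP, Cisco OUI, PID 0x2000
MIN_ETHERTYPE = 0x600                         # threshold quoted in the reply


def classify(frame: bytes) -> str:
    """Apply the rule quoted in the reply to one raw Ethernet frame."""
    if len(frame) < 14:
        return "malformed"
    dst = frame[:6]
    (type_len,) = struct.unpack("!H", frame[12:14])
    if type_len >= MIN_ETHERTYPE:             # Ethernet II: a real EtherType
        if type_len == 0x0800:                # IPv4 (only IP type modelled here)
            return "needs-extended-acl"
        return "needs-ethertype-acl"
    # Below 0x600 the field is an 802.3 length and an LLC header follows.
    if dst == STP_DST and frame[14:16] == b"\x42\x42":
        return "bpdu-supported"
    if dst == CDP_DST and frame[14:22] == CDP_SNAP:
        return "dropped-cdp"
    return "dropped-no-valid-ethertype"       # e.g. IS-IS over LLC


def _frame(dst_hex: str, type_len: int, payload_hex: str) -> bytes:
    src = bytes.fromhex("020000000001")       # constructed source MAC
    header = bytes.fromhex(dst_hex) + src + struct.pack("!H", type_len)
    return header + bytes.fromhex(payload_hex)


# Constructed sample frames: real header layouts, truncated payloads.
SAMPLES = {
    "ipv4": _frame("020000000002", 0x0800, "4500"),
    "ipx": _frame("ffffffffffff", 0x8137, "ffff"),
    "bpdu": _frame("0180c2000000", 0x0026, "4242030000"),
    "cdp": _frame("01000ccccccc", 0x0040, "aaaa0300000c200002b4"),
    "isis": _frame("0180c2000014", 0x0030, "fefe0383"),
}


def classify_samples() -> dict:
    return {name: classify(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:5} {verdict}")
```
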


