FWSM problem

Jul 5th, 2007

Hi all,

I am attaching the connectivity diagram. We are using VLANs 1, 5, 7, 11 and 15 in the 6513 switch. Also, this switch has 2 FWSM modules. Now I am not able to understand how to select the inside and outside interface VLAN. I created vlan-group 1 and bound that group to firewall module 1. All my VLANs in the firewall came up, but I am not able to ping them.


FWSM:-

int vlan 15

ip add 10.0.4.254 255.255.255.0

nameif outside

int vlan 5

ip add 10.0.4.254 255.255.255.0

nameif inside

nat (inside) 1 0 0

global (outside) 1 interface

access-list 1 permit icmp any any

access-group 1 in interface outside


Switch:-

int vlan 15

ip add 10.0.4.1 255.255.255.0


The above configuration is a test configuration.

Please let me know how to select the inside and outside interface. All the connectivity is over an MPLS cloud and it is intra connectivity. Only the Internet cloud is used for outside.



JBDanford2002 Thu, 07/05/2007 - 15:01

To allow ping to the interface try the following:


icmp permit any outside

icmp permit any inside


The inside interface is given a security level of 100. The outside is given the security level of 0. The lower security level should be pointed toward the least secure network(s). Connections by default are normally permitted from higher to lower security level interfaces. Interface Security levels that are the same are not permitted by default to traverse the firewall even if the policy allows.
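Added example (not part of the original thread, and not Cisco tooling): a small Python check that applies the points from the reply above to an FWSM-style config, flagging interfaces with no icmp permit line and pairs of interfaces with the same security level. It also flags two interfaces placed in the same subnet, which is a check this example adds; the sample config is constructed from the thread's test config plus a hypothetical dmz interface, and treating names other than inside/outside as security level 0 is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed sample: the thread's test config plus a hypothetical "dmz" interface.
SAMPLE = """\
int vlan 15
ip add 10.0.4.254 255.255.255.0
nameif outside
int vlan 5
ip add 10.0.4.254 255.255.255.0
nameif inside
int vlan 7
ip add 10.0.7.254 255.255.255.0
nameif dmz
security-level 100
icmp permit any inside
"""

def parse(config):  # -> ({nameif: {"net", "level"}}, {names with an icmp permit})
    ifaces, icmp_ok, cur = {}, set(), None
    for tok in (line.split() for line in config.splitlines()):
        if len(tok) < 2:
            continue
        if tok[0] in ("int", "interface"):
            cur = {"net": None}          # start of a new interface stanza
        elif tok[0] == "icmp" and tok[1] == "permit":
            icmp_ok.add(tok[-1])         # last token is the interface name
        elif cur is None:
            continue                     # global command before any interface
        elif tok[0] == "ip" and tok[1].startswith("add") and len(tok) >= 4:
            cur["net"] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
        elif tok[0] == "nameif":
            # Reply's defaults: inside = 100, outside = 0; other names = 0 is assumed.
            cur.setdefault("level", 100 if tok[1] == "inside" else 0)
            ifaces[tok[1]] = cur
        elif tok[0] == "security-level":
            cur["level"] = int(tok[1])   # explicit level overrides the default
    return ifaces, icmp_ok

def lint(config):
    ifaces, icmp_ok = parse(config)
    out = [f"{n}: no icmp permit, interface will not answer ping"
           for n in ifaces if n not in icmp_ok]
    for (a, x), (b, y) in combinations(ifaces.items(), 2):
        if x["level"] == y["level"]:
            out.append(f"{a}/{b}: same security level {x['level']}")
        if x["net"] and y["net"] and x["net"].overlaps(y["net"]):
            out.append(f"{a}/{b}: both interfaces in {x['net']}")
    return out
```

Calling lint(SAMPLE) returns one finding per problem; a config with distinct subnets, distinct security levels and an icmp permit line for each interface returns an empty list.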
