FWSM in Core6509

fvelasco_rojas · ‎09-11-2007

Hi. I've configured a FWSM with a Core6509 and I have this problem: In the Core I configured a Vlan90, The procedure was: Vlan Database --> VLAN90 name DMZ1 --> VLAN90 state active --> exit. Next I done this command: firewall vlan-group 90 90 --> firewall module 4 vlan-group 90 and OK (In the module 4 I have the FWSM Card. Now, I go to te FWSM and I type those commands: nameif Vlan90 DMZ1 security 20 --> access-list dmz1_in (In this part I wrote all the rules) --> ip address dmz1 a.b.c.d a.b.c.d --> icmp permit any dmz1 --> nat (dmz1) 0 0.0.0.0 0.0.0.0 --> static (dmz1, outside) (in this part I write the permissions on the another vlans) --> interface dmz1 --> no shutdown. In the Core6509 I marked a port with the vlan number (Interface giga9/33 --> switchport access vlan 90) and in this interface I connected a PC white an IP address. What is my problem: from the FWSM and from the Core6509, the ping to the PC is not possible. Is like the communication between the FWSM and the Core6509 is doesn't exist. I don't know. Anybody can help me with this problem? I hope to be clear in this explain. Thanks. Francisco Velasco. Medellin - Colombia

a.alekseev · ‎09-11-2007

By default on FWSM ANY communication between interfaces are denied.

First of all you must add access-list for inside interface.

fvelasco_rojas · ‎09-11-2007

Hi. Thanks for your answer. You have reason for that opinion, but in the access list, at the end is the sentence --> access-list dmz1_in extended permit icmp any any

Is this not enough??

Thanks a lot.

a.alekseev · ‎09-11-2007

could you post your FWSM config?