09-11-2007 07:16 AM - edited 03-11-2019 04:09 AM
Hi. I've configured a FWSM with a Core6509 and I have this problem:

In the Core I configured a Vlan90. The procedure was: Vlan Database --> VLAN90 name DMZ1 --> VLAN90 state active --> exit. Next I ran these commands: firewall vlan-group 90 90 --> firewall module 4 vlan-group 90 and OK (in module 4 I have the FWSM card).

Now, I go to the FWSM and I type these commands: nameif Vlan90 DMZ1 security 20 --> access-list dmz1_in (in this part I wrote all the rules) --> ip address dmz1 a.b.c.d a.b.c.d --> icmp permit any dmz1 --> nat (dmz1) 0 0.0.0.0 0.0.0.0 --> static (dmz1, outside) (in this part I write the permissions on the other VLANs) --> interface dmz1 --> no shutdown.

In the Core6509 I marked a port with the VLAN number (Interface giga9/33 --> switchport access vlan 90) and to this interface I connected a PC with an IP address.

What is my problem: from the FWSM and from the Core6509, the ping to the PC is not possible. It is as if the communication between the FWSM and the Core6509 doesn't exist. I don't know. Can anybody help me with this problem? I hope this explanation is clear.

Thanks.
Francisco Velasco.
Medellin - Colombia
09-11-2007 07:28 AM
By default on FWSM, ANY communication between interfaces is denied.
First of all, you must add an access-list for the inside interface.
09-11-2007 08:13 AM
Hi. Thanks for your answer. You are right about that, but at the end of the access list there is this line --> access-list dmz1_in extended permit icmp any any
Is this not enough??
Thanks a lot.
09-11-2007 08:20 AM
Could you post your FWSM config?