
FWSM multiple VLAN

MAZakirhussain
Level 1

The network inside has multiple VLANs. Need to configure the FWSM for all the VLANs with just 2 contexts in Active/Active mode.

How to do this?

Accepted Solution

Hi,

The points below are the ones you need to follow. I suggest you refer to the Configuration guide under the chapter "Transparent Firewall minimum configuration steps"

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/quick_f.html#wp1013477

Step 1 Assigning VLANs to the Firewall Services Module, page 2-2
On the switch, you need to assign VLANs to the FWSM so that the FWSM can send and receive traffic on the switch.

Step 2 (Might be required) Adding Switched Virtual Interfaces to the MSFC, page 2-5
If you want the MSFC to route between VLANs that are assigned to the FWSM, complete this procedure.

Step 3 Connecting to the Firewall Services Module, page 3-1
From the switch CLI, you can session into the FWSM to access the FWSM CLI.

Step 4 (Might be required; multiple context mode only) Enabling or Disabling Multiple Context Mode, page 4-10
If you want to use multiple context mode and your FWSM is not already configured for it, or if you want to change back to single mode, follow this procedure.

Step 5 (Multiple context mode only) Configuring a Security Context, page 4-18
Add a security context.

Step 6 (Multiple context mode only) Changing Between Contexts and the System Execution Space, page 4-22
Because you must configure some settings in the system execution space and some settings within the context, you need to know how to switch between contexts and the system execution space.

Step 7 Setting Transparent or Routed Firewall Mode, page 5-17
Before you configure any settings, you must set the firewall mode to transparent mode. Changing the mode clears your configuration. In multiple context mode, set the mode in each context.

Step 8 Configuring Transparent Firewall Interface Parameters, page 6-3
For each VLAN interface, you must set a name (such as inside or outside), a security level, and a bridge group.

Step 9 Assigning an IP Address to a Bridge Group, page 6-5
Assign an IP address to each bridge group.

Step 10 Configuring a Default Route, page 8-3
Create a default route to an upstream router for returning management traffic.

Step 11 Adding an Extended ACE, page 10-7
Before any traffic can go through the FWSM, you must create an access list that permits traffic.

Step 12 Applying an Access List to an Interface, page 11-4
Apply the access list to an interface.

I hope it helps. Please rate it if it does!

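A check for steps 7 to 12 of the list above, added here as an example and not part of the original post or of Cisco's guide: a small Python linter run over the text of one context's configuration. The sample configuration, its interface names, VLAN numbers and addresses are constructed, and the parser assumes one command per line with interface sub-commands indented by a space.

```python
import re

# Constructed sample of one transparent-mode context (not taken from the thread).
SAMPLE = """\
firewall transparent
interface vlan 110
 nameif outside10
 security-level 0
 bridge-group 1
interface vlan 10
 nameif inside10
 bridge-group 1
access-list IN10 extended permit ip 10.1.10.0 255.255.255.0 any
access-group IN10 in interface inside10
access-group OUT10 in interface outside10
"""

def lint_context(cfg):
    """Return a list of findings for checklist steps 7-12."""
    out, vlans, bvis, cur = [], {}, {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface (vlan|bvi) ?(\d+)\s*$", line)
        if m:  # start of an interface stanza
            cur = (vlans if m.group(1) == "vlan" else bvis).setdefault(int(m.group(2)), {})
        elif line.startswith(" ") and cur is not None:
            key, _, val = line.strip().partition(" ")
            cur[key] = val
        else:  # a global command ends the current stanza
            cur = None
    if not re.search(r"^firewall transparent\s*$", cfg, re.M):
        out.append("step 7: context is not in transparent mode")
    for vid, s in sorted(vlans.items()):
        for key in ("nameif", "security-level", "bridge-group"):
            if key not in s:
                out.append(f"step 8: vlan {vid} has no {key}")
    for bg in sorted({s["bridge-group"] for s in vlans.values() if "bridge-group" in s}):
        if "ip" not in bvis.get(int(bg), {}):
            out.append(f"step 9: bridge group {bg} has no IP address")
    if not re.search(r"^route \S+ (0|0\.0\.0\.0) (0|0\.0\.0\.0) \S+", cfg, re.M):
        out.append("step 10: no default route")
    acls = set(re.findall(r"^access-list (\S+) ", cfg, re.M))
    bound = {i: a for a, i in re.findall(r"^access-group (\S+) in interface (\S+)", cfg, re.M)}
    for name in sorted(s["nameif"] for s in vlans.values() if "nameif" in s):
        if name not in bound:
            out.append(f"step 12: no access list applied to {name}")
        elif bound[name] not in acls:
            out.append(f"step 11: access list {bound[name]} on {name} is not defined")
    return out
```

Running `lint_context` once per context, on both units of the failover pair, shows whether each context carries the same interface, bridge-group and access-list settings before traffic is moved onto it.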

3 Replies

Fernando_Meza
Level 7

Hi,

Are you planning to control the inter-VLAN routing of those VLANs by the FWSM?

Are you able to post a draft topology diagram of the current setup and what it is that you would like to achieve?

Hi,

The network has about 10 VLANs with HSRP configured for each VLAN on the redundant 6509 switches. Each switch has a FWSM. Now traffic for each VLAN should pass through the Firewall. Need to configure the FWSM in Active/Active mode with 5 VLANs in one context and the other 5 VLANs in the other context. Also, the FWSM needs to be configured in Transparent mode.
