FWSM Transparent routing

tmcls (Level 1)

I have an FWSM in a 6509 running the latest firmware. It is inside my network, so when I refer to "outside" I do not mean the Internet; I mean outside of the FWSM but still on my internal network. I have a different Internet firewall.

I can ping the management interface from outside addresses and I can also manage the firewall from "outside". I can ping it from the inside workstation and manage it.

My issue is that inside workstations cannot go further than the FWSM, and "outside" systems cannot access the workstation, even though I have opened up the firewall as I have been troubleshooting. (Keep in mind again that it isn't open to the Internet, just my internal network.)

<Client - VLAN31 - 192.168.30.3>
<Inside - VLAN31>
<FWSM MGMT IP 192.168.30.2>
<Outside - VLAN30 - IP address 192.168.30.1>

I thought with transparent I used the Outside VLAN IP of 192.168.30.1 as the gateway for my inside clients? I have also tried the MGMT IP and neither work.

Switch config:

interface Vlan30
 ip address 192.168.30.1 255.255.255.0
 no ip unreachables
 no ip proxy-arp
end

VLAN 31 is a VLAN but not set as an interface

Firewall config:

interface Vlan30
 nameif outside
 bridge-group 2
 security-level 0
!
interface Vlan31
 nameif inside
 bridge-group 2
 security-level 100
!
interface BVI2
 ip address 192.168.30.2 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 192.168.30.1
access-list outside extended permit tcp any any
access-list outside extended permit udp any any
access-group outside in interface outside

(I do realize that I have opened it up; it is not a risk at the moment.)

3 Replies

tmcls (Level 1)

I got it working once I looked at the syslogs. (Duh)

I got it to work by NAT, but I guess I didn't think that with transparent mode you needed to define a NAT rule. I thought it just didn't need it. I was also getting ACL denies on the inside interface, so once I opened up the inside it worked, which I didn't think I needed to do.

You *don't* need to define NAT w/transparent mode. However, on the FWSM (unlike PIX and ASA) you *do* need an ACL on the inside interface before you can pass traffic.
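As an added example (not from any of the posts above), here is the original poster's transparent-mode configuration completed the way the reply above describes: the same VLAN30/VLAN31 bridge group and BVI, no NAT, and an ACL applied on the inside interface as well as the outside one. The `log` keywords and the `logging` lines are additions so that every permit or deny shows up in `show logging`, which is where the original poster found the inside-interface denies. FWSM 3.x syntax is assumed; on 2.x the logging command is `logging on` rather than `logging enable`.

```cisco
! FWSM transparent mode: VLAN30 (outside) and VLAN31 (inside) are bridged,
! and the management address lives on the BVI, not on either VLAN.
firewall transparent
!
interface Vlan30
 nameif outside
 bridge-group 2
 security-level 0
!
interface Vlan31
 nameif inside
 bridge-group 2
 security-level 100
!
interface BVI2
 ip address 192.168.30.2 255.255.255.0
!
! Default route for traffic sourced by the FWSM itself (syslog, management).
! Clients on VLAN31 use the switch SVI 192.168.30.1 as their gateway directly;
! the FWSM just bridges their frames to VLAN30.
route outside 0.0.0.0 0.0.0.0 192.168.30.1
!
! Outside -> inside (low to high security) needs an ACL on any platform.
access-list outside extended permit icmp any any log
access-list outside extended permit tcp any any log
access-list outside extended permit udp any any log
access-group outside in interface outside
!
! Inside -> outside: the FWSM has no implicit permit from a higher to a lower
! security level, so without this ACL the inside interface drops everything.
access-list inside extended permit icmp any any log
access-list inside extended permit tcp any any log
access-list inside extended permit udp any any log
access-group inside in interface inside
!
! Keep denies in the local buffer so a failed connection can be traced to the
! interface and access-group that dropped it.
logging enable
logging buffered informational
!
! Verification from exec mode (comments, not config):
! show access-list               -> per-ACE hit counts on both interfaces
! show logging | include Deny    -> "Deny ... by access-group" names the ACL
```

Two things worth keeping in mind when reading the log output: the `permit ... any any` entries are the troubleshooting state the original poster described, not a production policy, and should be narrowed once the path works; and ARP is bridged by default in transparent mode, so the clients' ARP for 192.168.30.1 does not need an EtherType ACL, but any other non-IP protocol does.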

zlabovic (Level 1)

Hello,

I have the same problem. I have put an ACL with permit icmp any any and permit ip any any on both the inside and outside, and I still cannot ping or pass through the FWSM.

I have put the "icmp permit any outside" command and the "icmp permit inside" command as well.

I am interested to know whether you have resolved the problem, and how?
