I have configured a transparent FWSM (version 3.1) on a Cat6500. I found I can't ping the BVI interface from the MSFC, and I have some questions, below:
1. For a transparent FWSM, are there other ways to access the FWSM module besides "session slot # process 1"? I mean, can I telnet to this FWSM via the BVI interface?
2. I found that an access-group can only be applied to a physical interface such as inside, outside or dmz; I can't apply it to the BVI interface. Am I right? I can't ping the BVI interface from the MSFC. Can anyone tell me whether there is something wrong in my configuration, or whether it actually can't be pinged?
3. CCO says it can have 8 bridge-groups per context. What does that mean? When I configure the FWSM, I found just 2 VLAN interfaces per bridge-group. So how can I make many interfaces in the inside or dmz interface? For example, I have 4 VLANs, HR, Finance, Market and RD, which are 10.1.1.0, 10.1.2.0, 10.1.3.0 and 10.1.4.0 respectively. I want them to be protected by the transparent FWSM. Can anyone give me the detailed configuration?
And if one context supports just 8 bridge-groups, does it mean it can only support 8 inside VLANs on the transparent firewall?
1. The configs look good. I am not sure why you are not able to ping the BVI IP address. Are you able to ping from the FWSM to any host/server?
I suggest you enable debugging.
For telnet to work, you need to configure "telnet 10.1.10.0 255.255.255.0 inside" and see if telnet works.
2. You are correct - you need to have 3 pairs of VLANs on the MSFC and 3 bridge-groups.
This is a restriction in transparent mode: you can have only 2 interfaces (one inside and one outside).
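
The pairing described in the reply above, sketched as an added example that is not from either poster: each protected subnet gets its own bridge-group with one outside VLAN, one inside VLAN and one BVI address. The slot number, VLAN IDs, interface names, ACL names, host addresses and /24 masks are assumptions; only the 10.1.x.0 subnets come from the question, and Market and RD would repeat the pattern as bridge-groups 3 and 4.

```cisco
! --- Supervisor (Cat6500 IOS). Slot 3 and all VLAN IDs are assumed. ---
firewall multiple-vlan-interfaces
firewall vlan-group 1 101-102,201-202
firewall module 3 vlan-group 1
!
! The MSFC gateway SVI exists only on the outside VLAN of each pair.
interface Vlan101
 ip address 10.1.1.1 255.255.255.0
interface Vlan102
 ip address 10.1.2.1 255.255.255.0
!
! --- FWSM 3.1, transparent mode. Interface and ACL names are assumed. ---
firewall transparent
!
! Bridge-group 1: HR, 10.1.1.0 (hosts live in VLAN 201)
interface Vlan101
 nameif hr-outside
 bridge-group 1
 security-level 0
interface Vlan201
 nameif hr-inside
 bridge-group 1
 security-level 100
interface BVI1
 ip address 10.1.1.2 255.255.255.0
!
! Bridge-group 2: Finance, 10.1.2.0 (hosts live in VLAN 202)
interface Vlan102
 nameif fin-outside
 bridge-group 2
 security-level 0
interface Vlan202
 nameif fin-inside
 bridge-group 2
 security-level 100
interface BVI2
 ip address 10.1.2.2 255.255.255.0
!
! ACLs bind to the named VLAN interfaces, not to the BVI.
access-list HR-IN extended permit ip 10.1.1.0 255.255.255.0 any
access-group HR-IN in interface hr-inside
access-list FIN-IN extended permit ip 10.1.2.0 255.255.255.0 any
access-group FIN-IN in interface fin-inside
```

The permit-any ACLs are placeholders for whatever policy each department actually needs.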