I'm trying to get a FWSM working on a 6513 chassis running IOS. The FWSM is running 4.0(5). I'm using the MSFC behind the FWSM model. I created an SVI and presented it to the firewall as the inside interface. I created a VLAN on the 6513 and presented it to the FWSM as the outside interface. I defined its IP address in the FWSM interface. I created a default route on the FWSM pointing to the Internet address on the outside of the FWSM outside interface. I have route statements to the inside for all internal subnets.
I can telnet to the FWSM inside address from the 6513 LAN. No inside users can access the network/Internet on the outside of the FWSM. We are not using NAT. All internal devices can access other internal devices.
The inside interface is security level of 100. The outside interface is security level of 0.
The FWSM is replacing an external PIX525 currently in use. During off hours I disconnect the PIX and give the PIX inside and outside addresses to the FWSM. I can't see what I might be missing. While I telnet into the FWSM I can ping the IP just outside the outside interface. I know the FWSM can see outside but the users can't. I have an interface on the 6513 in the VLAN of the outside interface and that is where I connect external to our network. I cleared arp while testing.
I noticed our PIX has an implicit rule for the inside interface. It permits all traffic to a less secure network such as our outside interface. That implicit rule on the inside interface is missing in the FWSM. I think the PIX added that rule by default and it looks like the FWSM doesn't. Maybe that is where my issue is.
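
An added example, not part of the original post: FWSM passes traffic through an interface only when an access list bound to that interface permits it, regardless of security level, so this Python sketch lists the named interfaces in a running-config that have no inbound `access-group`. The sample config, VLAN numbers, addresses and ACL name are constructed for illustration.

```python
import re

# Constructed sample resembling an FWSM running-config; VLAN numbers,
# addresses and the ACL name are made up for illustration.
SAMPLE_CONFIG = """\
interface Vlan10
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
!
interface Vlan20
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
access-list OUTSIDE_IN extended permit icmp any any
access-group OUTSIDE_IN in interface outside
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
"""

def parse_interfaces(config):
    """Return {nameif: security_level} for every named interface."""
    interfaces, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"nameif (\S+)$", line)
        if m:
            current = m.group(1)
            interfaces[current] = None
        elif line.startswith("interface ") or line == "!":
            current = None  # a new stanza starts; forget the previous nameif
        m = re.match(r"security-level (\d+)$", line)
        if m and current:
            interfaces[current] = int(m.group(1))
    return interfaces

def inbound_acls(config):
    """Return {nameif: acl} for each 'access-group <acl> in interface <nameif>'."""
    pattern = r"^access-group (\S+) in interface (\S+)\s*$"
    return {m.group(2): m.group(1) for m in re.finditer(pattern, config, re.M)}

def interfaces_without_inbound_acl(config):
    """Named interfaces with no inbound access-group, highest security level first."""
    bound = inbound_acls(config)
    missing = [(n, lvl) for n, lvl in parse_interfaces(config).items() if n not in bound]
    return sorted(missing, key=lambda item: -(item[1] or 0))

if __name__ == "__main__":
    for name, level in interfaces_without_inbound_acl(SAMPLE_CONFIG):
        print(f"{name} (security-level {level}): no inbound access-group bound")
```

Run against the constructed sample, it reports the `inside` interface, which matches the symptom of inside hosts being unable to reach anything beyond the firewall while the FWSM itself can ping its next hop.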