VPN termination on FWSM

Unanswered Question
Jun 23rd, 2009

Hi All,

I have the following Inquiry, as the below Question and answer. can Anyone help me how can I terminate a VPN connection using the switch ? what are the requirements ? is there any link that elaborate that?

Q. Can I terminate VPN connections on my FWSM?

A. VPN functionality is not supported on the FWSM except for management connections terminating on the FWSM. Termination of VPN connections for traffic flowing through the FWSM should be performed on the switch and/or VPN Services Module.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
jeansamarani Tue, 06/30/2009 - 02:12

ok thanks for the clarification but what is the other solution if we want to site-to-site vpn and remote access vpn to access the servers behind the FWSM ?


jeansamarani Wed, 07/08/2009 - 06:01

Hi Jon,

now we have installed the VPN services modules in the 7609. what's the next step ? do we configure the Site to site VPN on the fwsm as we used to it on the PIX ?

please help!!!

thanks in advance.


jeansamarani Thu, 07/09/2009 - 03:58

Hi kusankar,

After installing and configuring the fwsm, module, we have installed the VPN services module,

can you please provide me a documentation on how to configure it taking into the consideration the existence of the fwsm in the chassis?


jeansamarani Thu, 07/09/2009 - 06:08

Thanks Srue for your prompt response. I have already this link but i wasn't able to figure out how to configure my VPN in my case.

you can see below my FWSM configuration:

fwsm Configuration



interface Vlan601



security-level 0

ip address x.x.x.x standby x.x.x.x


and the Switch Configuration:


vlan 601

name Internet

Interface gig2/1

description Connection to the internet


switchport mode access

switchport access vlan 601

your help to guide me through the rest of the configuration is appreciated !!

srue Thu, 07/09/2009 - 06:19

have you done any vpn configuration yet on this device?

can you post the output of "show module"

jeansamarani Thu, 07/09/2009 - 06:25


Just let me tell you our target. It is to migrate our 535 PIX Firewalls to the new 7609 FWSM along with the VPN service modules.

The output of "show module" shows indeed that the module was recognized and it's ok.

7 2 IPsec VPN Accelerator WS-SVC-IPSEC-1


This Discussion