VPN termination on FWSM

jeansamarani
Level 1

Hi All,

I have the following inquiry regarding the question and answer below. Can anyone help me with how I can terminate a VPN connection using the switch? What are the requirements? Is there any link that elaborates on that?

Q. Can I terminate VPN connections on my FWSM?

A. VPN functionality is not supported on the FWSM except for management connections terminating on the FWSM. Termination of VPN connections for traffic flowing through the FWSM should be performed on the switch and/or VPN Services Module.

Thanks,

Jean

10 Replies

Kureli Sankar
Cisco Employee

Correct. Site-to-site VPN can only access the FWSM interface IP address and nothing else behind the FWSM, meaning you can only use it for management purposes.

Here is the link:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/mgacc_f.html#wp1060264

OK, thanks for the clarification, but what is the other solution if we want site-to-site VPN and remote access VPN to access the servers behind the FWSM?

Jean

Jean

If you want to terminate the VPNs on the 6500 you will need one of these -

http://www.cisco.com/en/US/prod/collateral/modules/ps6267/7600S_6500S_IPSec_VPN_SPA_DS_ps8768_Products_Data_Sheet.html

Obviously you could also use a standalone ASA device if you wanted.

Jon

Hi Jon,

Now we have installed the VPN services modules in the 7609. What's the next step? Do we configure the site-to-site VPN on the FWSM as we used to on the PIX?

Please help!!!

Thanks in advance.

Jean

Hi kusankar,

After installing and configuring the FWSM module, we have installed the VPN services module.

Can you please provide me with documentation on how to configure it, taking into consideration the existence of the FWSM in the chassis?

Thanks,

Thanks, Srue, for your prompt response. I already have this link, but I wasn't able to figure out how to configure my VPN in my case.

You can see my FWSM configuration below:

fwsm Configuration
-------------------
!
interface Vlan601
 description INTERNET CONNECTION
 nameif INTERNET
 security-level 0
 ip address x.x.x.x 255.255.255.248 standby x.x.x.x
!

and the Switch Configuration:
-----------------------------
vlan 601
 name Internet
Interface gig2/1
 description Connection to the internet
 switchport
 switchport mode access
 switchport access vlan 601

Your help in guiding me through the rest of the configuration is appreciated!!

Have you done any VPN configuration yet on this device?

Can you post the output of "show module"?

No.

Just let me tell you our target. It is to migrate our 535 PIX Firewalls to the new 7609 FWSM along with the VPN service modules.

The output of "show module" shows indeed that the module was recognized and it's ok.

7 2 IPsec VPN Accelerator WS-SVC-IPSEC-1

Any luck?
