'virtual http' on transparent FWSMs

Jul 10th, 2009

Hey Everyone,


I've run into a problem and I can't tell if it's a "you can't really do that" type or the brain-fart type.


We are starting to test out the AAA cut-through-proxy feature to see if it can satisfy some access requirements we have. I have the authentication part working but it would require me to open up the BVI we use for management/syslog to everyone...and this is where my problem starts. I tried the 'virtual http <ip>' command and used an IP that is in the same range as the BVI we use for management but I was unable to see the IP anywhere. Checking on the FWSM there were no ARP entries and trying to ping it from inside or outside the FWSM failed. I looked through the docs I could find on the subject and the only thing I could find was that the address needed to be routable to the FWSM but the address I'm trying to use has all of our other servers on it so that requirement should be met. I've tried doing an identity NAT with the address with no luck too so I'm a little stuck :).


Layout:


Vlan55 (outside) -> FWSM -> Vlan56 (inside)


Vlan55 has an SVI on the 6500 with an IP of 10.14.0.1

BVI1 (bridging 55 and 56) in the FWSM has an IP of 10.14.0.8

Addresses inside vlan56 are 10.14.0.0/16


This is also a redundant setup with another 6500/FWSM, but from what I read it didn't look like that mattered.


Any insight would be appreciated!!


--Jeremy



jsivulka Thu, 07/16/2009 - 13:36

To remove the authentication virtual server from the configuration, use the clear configure virtual command in global configuration mode.


clear configure virtual

Syntax Description


This command has no arguments or keywords.

Defaults


No default behavior or values.

Command Modes


thejman85 Fri, 07/17/2009 - 05:52

Thanks, but that's not the problem I am having. The problem is that the "virtual http" command doesn't seem to "bring up" the address specified.


I.e., if I put in virtual http 10.0.0.200, that address is unable to be reached from anywhere, both inside and outside the FWSM.
