FWSM together switch 6500

Sep 21st, 2009

I am configuring a Cisco 6509 switch with FWSM, but this is a bit confusing to implement. I am following this documentation: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00808b4d9f.shtml; however, the following configuration did not work. I would like to check if my understanding is correct. The FWSM firewall is like a part not working together with the switch; from what I saw in the configuration of the FWSM example, it communicates with the switch through a specific VLAN, and not together. Am I correct? If so created because the configuration is incorrect? The settings are below.


switch 6500

interface vlan 10
 ip address 192.168.10.1 255.255.255.0


FWSM

interface vlan 10
 nameif outside
 security-level 0
 ip address 192.168.10.2 255.255.255.0

interface vlan 20
 nameif inside
 security-level 100
 ip address 172.16.10.1 255.255.255.0

interface vlan 30
 nameif dmz
 security-level 60
 ip address 172.16.20.1 255.255.255.224


not create any of the VLANs 10,20 and 30 on the switch 6500.


Regards


Correct Answer by Jon Marshall about 7 years 10 months ago

Ricardo


"not create any of the VLANs 10,20 and 30 on the switch 6500."


All vlans must exist at L2 on the 6500. So if you do a "sh vlan" on the 6500 you should see vlans 10,20,30. If you don't then your setup will not work.


In addition you must have a L3 vlan interface for the outside interface which indeed you have from your config ie. -


switch 6500

interface vlan 10
 ip address 192.168.10.1 255.255.255.0


But you must not have a L3 vlan interface for vlans 10 & 20.


Jon

Jon Marshall Tue, 09/22/2009 - 07:51

r-barbosa Wed, 09/23/2009 - 07:55

Hi Jon


My configuration is correct. The error was in the command "nat-control". I'm using routing only, no NAT. I entered the command "no nat-control" and it was resolved.


regards.
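
The switch-side and FWSM-side pieces discussed in this thread, put together as an added example that was not posted by any participant. The `firewall vlan-group` lines are not in the thread; they are the Catalyst 6500 commands that hand VLANs to the module. The group number 1 and the `<slot>` placeholder are assumptions, as is the reading that VLANs 20 and 30 (inside, dmz) are the ones left without a switch L3 interface.

```cisco
! --- Catalyst 6500 (Cisco IOS) ---
! The VLANs must exist at Layer 2 on the switch ("show vlan" lists them).
vlan 10,20,30
!
! Hand the VLANs to the FWSM. Group number 1 is an assumption; <slot> is a
! placeholder for the chassis slot that holds the module.
firewall vlan-group 1 10,20,30
firewall module <slot> vlan-group 1
!
! Only the outside VLAN gets a Layer 3 interface (SVI) on the switch.
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
! Assumption: there is no "interface Vlan20" or "interface Vlan30" on the
! switch, so inside and dmz hosts can reach other networks only through
! the FWSM and the switch cannot route around the firewall.
!
! Checks from the switch: show vlan
!                         show firewall vlan-group
!                         show firewall module
!
! --- FWSM ---
interface Vlan10
 nameif outside
 security-level 0
 ip address 192.168.10.2 255.255.255.0
!
interface Vlan20
 nameif inside
 security-level 100
 ip address 172.16.10.1 255.255.255.0
!
interface Vlan30
 nameif dmz
 security-level 60
 ip address 172.16.20.1 255.255.255.224
!
! Routing only, no NAT: with nat-control enabled, traffic from a higher to a
! lower security-level interface must match a NAT rule or it is dropped.
no nat-control
```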
