09-21-2009 08:20 PM - edited 03-09-2019 10:35 PM
I am configuring a Cisco 6509 switch with FWSM, but this is a bit confusing to implement. I am following this documentation: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00808b4d9f.shtml, however, following that configuration did not work. I would like to check if my understanding is correct. The FWSM firewall is like a part not working together with the switch; from what I saw in the configuration of the FWSM example, it converses with the switch through a specific VLAN, and not together, am I correct? If so created because the configuration is incorrect? The settings are below.
switch 6500
interface vlan 10
 ip address 192.168.10.1 255.255.255.0
FWSM
interface vlan 10
 nameif outside
 security-level 0
 ip address 192.168.10.2 255.255.255.0
interface vlan 20
 nameif inside
 security-level 100
 ip address 172.16.10.1 255.255.255.0
interface vlan 30
 nameif dmz
 security-level 60
 ip address 172.16.20.1 255.255.255.224
not create any of the VLANs 10,20 and 30 on the switch 6500.
Regards
09-22-2009 07:51 AM
Ricardo
"not create any of the VLANs 10,20 and 30 on the switch 6500."
All vlans must exist at L2 on the 6500. So if you do a "sh vlan" on the 6500 you should see vlans 10,20,30. If you don't then your setup will not work.
In addition you must have a L3 vlan interface for the outside interface, which indeed you have from your config, i.e.:
switch 6500
interface vlan 10
 ip address 192.168.10.1 255.255.255.0
But you must not have a L3 vlan interface for vlans 10 & 20.
Jon
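An added example, not part of any post in this thread: a small Python check that compares a 6500 configuration with an FWSM configuration and reports VLANs missing at L2 or carrying an unexpected L3 interface (SVI). It assumes the outside VLAN is the only one that should have an SVI on the switch; the helper names and the sample configs are constructed for this example.

```python
import re

# Constructed sample configs modelled on the thread (not device output).
SWITCH_CFG = "vlan 10\ninterface Vlan10\n ip address 192.168.10.1 255.255.255.0\n"
FWSM_CFG = ("interface vlan 10\n nameif outside\n"
            "interface vlan 20\n nameif inside\n"
            "interface vlan 30\n nameif dmz\n")

def expand(spec):
    """Expand a VLAN list such as '10,20-22' into a set of ids."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def switch_vlans(cfg):
    """Return (VLAN ids defined at L2, VLAN ids that have an SVI)."""
    l2, svi = set(), set()
    for line in (l.strip() for l in cfg.splitlines()):
        if m := re.fullmatch(r"vlan ([\d,-]+)", line):
            l2 |= expand(m.group(1))
        elif m := re.fullmatch(r"interface vlan\s*(\d+)", line, re.I):
            svi.add(int(m.group(1)))
    return l2, svi

def fwsm_vlans(cfg):
    """Map VLAN id -> nameif from the FWSM 'interface vlan N' stanzas."""
    out, cur = {}, None
    for line in (l.strip() for l in cfg.splitlines()):
        if m := re.fullmatch(r"interface vlan\s*(\d+)", line, re.I):
            cur = int(m.group(1))
        elif cur is not None and line.startswith("nameif "):
            out[cur] = line.split()[1]
    return out

def audit(switch_cfg, fwsm_cfg, outside="outside"):
    """List mismatches between the switch and the FWSM interface VLANs."""
    l2, svi = switch_vlans(switch_cfg)
    findings = []
    for vid, name in sorted(fwsm_vlans(fwsm_cfg).items()):
        if vid not in l2:
            findings.append(f"VLAN {vid} ({name}) missing at L2 on the switch")
        if name == outside and vid not in svi:
            findings.append(f"VLAN {vid} ({name}) has no SVI on the switch")
        if name != outside and vid in svi:  # assumption: only outside gets an SVI
            findings.append(f"VLAN {vid} ({name}) has an SVI that can route around the FWSM")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SWITCH_CFG, FWSM_CFG)) or "no findings")
```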
09-23-2009 07:55 AM
Hi Jon
My configuration is correct. The error was in the command "nat-control". I'm using routing only, no NAT. I entered the command "no nat-control" and that resolved it.
Regards.