Attempting to set up the FWSM in transparent mode (single context). Here is my scenario: I have a 6509 with 3 VLANs…40 (DMZ), 41 (Staff), and 42 (Inside). I would like to use the FWSM to control access transparently between the 3 VLANs.
Here is what I have set up:
firewall module 7 vlan-group 40
firewall vlan-group 40 40-42
ip address 10.40.0.1 255.255.255.0
ip address 10.41.0.1 255.255.255.0
ip address 10.42.0.1 255.255.255.0
FWSM Version 3.1(10)
access-list DENY-ALL extended deny ip any any log
access-list DENY-ALL extended deny icmp any any log
access-group DENY-ALL in interface DMZ
I understood that without any ACLs the default action would be deny; however, I was able to communicate freely between all the VLANs. I added the ACL to explicitly deny anything from the DMZ, but I was still able to communicate.
I would appreciate any assistance on how I can get the FWSM in transparent mode to control traffic between the 3 VLANs.
VLANs 40 and 41 should be in the same subnet.
Hosts on switchports with access VLANs 40 and 41 will go through the FWSM, which will be bridging these VLANs.
So make sure you have 2 ports with hosts, one in each VLAN, and that their IP addresses are in the same subnet.
Try pinging between them; the FWSM should then be bridging, and you will see traffic going through it.
I hope it helps.
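The following is an added illustration of the two-interface transparent-mode layout the reply describes, not the original poster's configuration or anything from the thread. It assumes the FWSM 3.1 command syntax for single-context transparent mode (global "firewall transparent", a single global management "ip address" instead of per-interface addresses), the VLAN group already shown in the question, and hypothetical host addresses 10.40.0.20 (VLAN 40) and 10.40.0.30 (VLAN 41) in one shared subnet; the ACL name and management address are placeholders.

```cisco
! --- Catalyst 6509 (supervisor) side: hand the VLANs to the module ---
! (already present in the question; repeated here only for completeness)
firewall module 7 vlan-group 40
firewall vlan-group 40 40-42
!
! --- FWSM side (single context), assumed FWSM 3.1 syntax ---
firewall transparent
!
interface Vlan40
 nameif outside
 security-level 0
!
interface Vlan41
 nameif inside
 security-level 100
!
! One management address for the bridged pair, in the same subnet as the hosts
! (placeholder value; choose an unused address in your own range)
ip address 10.40.0.2 255.255.255.0
!
! Explicit policy from the lower-security side; everything not permitted is
! dropped and logged by the implicit deny at the end of the list
access-list OUTSIDE-IN extended permit icmp any any echo
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! Test hosts (hypothetical): both in 10.40.0.0/24, one per bridged VLAN
!   switchport access vlan 40  -> host 10.40.0.20/24
!   switchport access vlan 41  -> host 10.40.0.30/24
! A ping from 10.40.0.30 to 10.40.0.20 is bridged through the FWSM and appears
! in "show conn" / "show access-list OUTSIDE-IN"; a TCP connection initiated
! from 10.40.0.20 is denied by the ACL and produces a log message.
```

Two checks are worth making with this layout: if the supervisor's MSFC still has an SVI (interface Vlan40 and interface Vlan41) with an IP address in both bridged VLANs, hosts can be routed around the module instead of bridged through it, so keep a routed SVI in at most one of the two VLANs; and a bridged pair in this mode carries exactly two interfaces, so bridging a third VLAN (42) means a separate interface pair rather than adding it to the same inside/outside pair.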