Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
848
Views
4
Helpful
4
Replies

FWSM connect interface

mokhovikov
Level 1
Level 1

‎06-08-2010 08:49 AM - edited ‎03-11-2019 10:56 AM

Hi!

i have FWSM with this config:

!

interface Vlan35
nameif vlan35
security-level 100
ip address 10.10.35.1 255.255.255.0 standby 10.10.35.2
!
interface Vlan37
nameif vlan37
security-level 5
ip address 10.10.37.1 255.255.255.0 standby 10.10.37.2

!

...

!

ssh 10.10.35.0 255.255.255.0 vlan35
ssh 10.10.35.0 255.255.255.0 vlan37

!

Somebody tell me please, why i can connect to FWSM from vlan35 to 10.10.35.1 but cannot connect to  ip address 10.10.37.1(from vlan35) ?

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎06-08-2010 10:23 AM 

mokhovikov wrote:
Hi!
i have FWSM with this config:
!
interface Vlan35
 nameif vlan35
 security-level 100
 ip address 10.10.35.1 255.255.255.0 standby 10.10.35.2
!
interface Vlan37
 nameif vlan37
 security-level 5
 ip address 10.10.37.1 255.255.255.0 standby 10.10.37.2
!
...
!
ssh 10.10.35.0 255.255.255.0 vlan35
ssh 10.10.35.0 255.255.255.0 vlan37
!
Somebody tell me please, why i can connect to FWSM from vlan35 to 10.10.35.1 but cannot connect to  ip address 10.10.37.1(from vlan35) ?

By default you can't connect to an interface through the FWSM. So if you want to ssh to int vlan 37 you would need to be on vlan 37 or on a device that is reachable via vlan 37.

You could use the "management-access" command and apply it to vlan 37 and this should allow you to connect from vlan 35 -

FWSM management access

Jon

0 Helpful

mokhovikov
Level 1
Level 1
In response to Jon Marshall

‎06-08-2010 01:07 PM

jon thank you for reply. I've read about this command. It correct only for VPN connection or not?

"The management-access command is supported for the following through an IPSec VPN tunnel only"

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to mokhovikov

‎06-08-2010 01:10 PM

Hi,

On the ASA firewall, the management-access inside command is only when terminating a VPN connection on the device.

I guess is the same for the FWSM.

Federico.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to mokhovikov

‎06-08-2010 01:18 PM 

mokhovikov wrote:
jon thank you for reply. I've read about this command. It correct only for VPN connection or not?
"The management-access command is supported for the following through an IPSec VPN tunnel only"

Yes it is only for connectivity via an IPSEC VPN. If you aren't using an IPSEC VPN then you cannot connect to an interface across the FWSM so to connect to vlan 37 interface with ssh you would need to connect from vlan 37 device or a device reachable via the vlan 37 interface.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card