I have a production environment with two Cisco 6500 series switches configured as VSS. We have one supervisor and multiple SVI interfaces on the MSFC card. Each of the two 6500s has one FWSM module mounted but not configured. I have 45 SVI interfaces (VLANs) and I want to filter traffic between them.
I have tried to log on to the FWSM and configure management access (SSH, ASDM), but I am not able to ping the 6500 switch and I am not able to ping the FWSM from the 6500.
Here is the configuration of the FWSM. Only one FWSM has been configured.
FWSM Version 3.1(10)
!
firewall transparent
hostname T2SA-FWSM1
domain-name local.local
enable password WRG3g.xDNrBVh.tO encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan9
 nameif inside
 bridge-group 1
 security-level 100
!
interface Vlan17
 nameif outside
 bridge-group 1
 security-level 0
!
interface BVI1
 description ##int in out BRIDGE#
 ip address 10.100.17.253 255.255.255.0
!
ftp mode passive
access-list 100 extended permit ip any any
access-list 100 extended permit udp any any
access-list 101 ethertype permit bpdu
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no asdm history enable
arp timeout 14400
access-group 101 in interface outside
access-group 100 in interface outside
access-group 100 out interface outside
access-group 101 in interface inside
access-group 100 in interface inside
access-group 100 out interface inside
route outside 10.100.17.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 10.100.17.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username afritec password b4jmWIHeWj8bgNpV encrypted
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
ssh version 2
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect smtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:7d847012a52b6445011e40f1f9cdd4b2
Please, what are the best steps to get IP connectivity between the FWSM and the 6500 while virtualized?
Just to connect for management. What are the good steps after that, to implement the FWSM in failover mode and to manage 46 SVIs (VLANs)? Transparent firewall is not an issue because it only uses 2 VLANs per BVI. The best practice, please.
Note that the FWSM limits you to 8 bridge groups in a given context. To support the number of VLANs you're talking about, you'd need to be licensed for and run in multiple context mode.
One other thing you should consider (assuming you still have maintenance coverage on this product that hasn't been sold for over two years) is to upgrade your software. You are running 3.1(10) from April 2008 and there were 10 later maintenance releases just in the 3.1 train. The last release for the FWSM was 4.1(15) from October 2013.
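As an added illustration (not part of the thread or of any Cisco tooling), a small Python audit that reads a config of the shape posted in the question, counts its bridge groups against the 8-per-context limit the answer cites, and flags every interface direction whose bound ACL permits ip any any, which is the case for ACL 100 in the posted config, so that firewall currently filters nothing. The sample config is a constructed, trimmed excerpt of the one above.

```python
import re

# Constructed sample: the relevant lines of the config posted above, trimmed.
SAMPLE_CONFIG = """\
firewall transparent
interface Vlan9
 nameif inside
 bridge-group 1
interface Vlan17
 nameif outside
 bridge-group 1
access-list 100 extended permit ip any any
access-list 100 extended permit udp any any
access-list 101 ethertype permit bpdu
access-group 101 in interface outside
access-group 100 in interface outside
access-group 100 out interface outside
access-group 101 in interface inside
access-group 100 in interface inside
access-group 100 out interface inside
"""

MAX_BRIDGE_GROUPS_PER_CONTEXT = 8  # FWSM limit cited in the answer above


def audit_fwsm(config):
    """Return (sorted bridge-group ids, findings) for a transparent-mode FWSM config."""
    bridge_groups = set()
    permit_all_acls = set()   # ACLs containing "permit ip any any"
    findings = []
    current_if = None
    for line in config.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            current_if = s.split()[1]
        elif s.startswith("bridge-group ") and current_if:
            bridge_groups.add(int(s.split()[1]))
        elif re.match(r"access-list (\S+) extended permit ip any any$", s):
            permit_all_acls.add(s.split()[1])
        elif s.startswith("access-group "):
            # access-group <acl> <in|out> interface <nameif>
            _, acl, direction, _, nameif = s.split()
            if acl in permit_all_acls:
                # Bound to an interface: this direction is effectively unfiltered.
                findings.append(f"{nameif} {direction}: ACL {acl} permits ip any any")
    if len(bridge_groups) > MAX_BRIDGE_GROUPS_PER_CONTEXT:
        findings.append(f"{len(bridge_groups)} bridge groups exceed the per-context limit of "
                        f"{MAX_BRIDGE_GROUPS_PER_CONTEXT}; multiple context mode is needed")
    return sorted(bridge_groups), findings
```

Running it on the posted config yields one bridge group and four findings, one per interface direction bound to ACL 100; replacing ACL 100 with per-VLAN rules is the first step toward the filtering the question asks for.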