08-13-2007 04:11 PM - edited 03-11-2019 03:57 AM
I have followed all the Quick Steps to configure the FWSM. When I start testing the configuration I don't get the results I was expecting. For example:
When I ping from the MSFC to the FWSM on a different FWSM interface I don't get replies back.
Here are my configs:
MSFC Configuration:
interface Vlan180
ip address 192.168.180.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.220.106
ip route 192.168.190.0 255.255.255.0 Vlan180
FWSM Configuration:
FWSM Version 2.3(4)
nameif vlan180 outside security0
nameif vlan190 inside security100
hostname FWSM
ftp mode passive
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 H225 1720
fixup protocol h323 ras 1718-1719
fixup protocol icmp
no fixup protocol icmp error
fixup protocol rsh 514
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list deny-flow-max 4096
access-list alert-interval 300
access-list ICMPTEST extended permit icmp any any
access-list EXEMPT extended permit ip 192.168.190.0 255.255.255.0 any
access-list TTT extended permit ip any any
pager lines 24
logging on
logging buffer-size 4096
logging monitor debugging
mtu outside 1500
mtu inside 1500
ip address outside 192.168.180.2 255.255.255.0
ip address inside 192.168.190.1 255.255.255.0
no failover
failover lan unit secondary
failover polltime unit 1 holdtime 15
failover polltime interface 15
failover interface-policy 50%
icmp permit any outside
no pdm history enable
arp timeout 14400
nat (inside) 0 access-list EXEMPT
access-group ICMPTEST in interface outside
access-group ICMPTEST out interface outside
!
interface outside
!
!
interface inside
!
!
route outside 0.0.0.0 0.0.0.0 192.168.180.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 rpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp
floodguard enable
fragment size 200 outside
fragment chain 24 outside
fragment size 200 inside
fragment chain 24 inside
telnet timeout 5
ssh timeout 5
08-14-2007 05:19 AM
Well, the first thing I'll do is upgrade to at least version 3.1(6).