FWSM Configuration

lm20ele
Level 1

I have followed all the Quick Steps to configure FWSM. When I start testing the configuration I don't get the results I was expecting. For example:

When I ping from the MSFC to the FWSM on a different FWSM interface I don't get replies back.

Here are my configs:

MSFC Configuration:

interface Vlan180

ip address 192.168.180.1 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.220.106

ip route 192.168.190.0 255.255.255.0 Vlan180

FWSM Configuration:

FWSM Version 2.3(4)

nameif vlan180 outside security0

nameif vlan190 inside security100

hostname FWSM

ftp mode passive

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 H225 1720

fixup protocol h323 ras 1718-1719

fixup protocol icmp

no fixup protocol icmp error

fixup protocol rsh 514

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

access-list deny-flow-max 4096

access-list alert-interval 300

access-list ICMPTEST extended permit icmp any any

access-list EXEMPT extended permit ip 192.168.190.0 255.255.255.0 any

access-list TTT extended permit ip any any

pager lines 24

logging on

logging buffer-size 4096

logging monitor debugging

mtu outside 1500

mtu inside 1500

ip address outside 192.168.180.2 255.255.255.0

ip address inside 192.168.190.1 255.255.255.0

no failover

failover lan unit secondary

failover polltime unit 1 holdtime 15

failover polltime interface 15

failover interface-policy 50%

icmp permit any outside

no pdm history enable

arp timeout 14400

nat (inside) 0 access-list EXEMPT

access-group ICMPTEST in interface outside

access-group ICMPTEST out interface outside

!

interface outside

!

!

interface inside

!

!

route outside 0.0.0.0 0.0.0.0 192.168.180.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 rpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

snmp-server enable traps snmp

floodguard enable

fragment size 200 outside

fragment chain 24 outside

fragment size 200 inside

fragment chain 24 inside

telnet timeout 5

ssh timeout 5

1 Reply

Well, first thing I'll do is to upgrade at least to version 3.1(6)
