First time configuring the FWSM. I come from the days where firewalls were actually appliances. I know, so 2007!
I am having trouble following the nice 700 page guide on the FWSM. I am going through the chapter on Configuring Failover.
I ran into an error when configuring the failover lan interface.
Here is what I want to do and hopefully you can walk me through this.
I have a server that will be plugged into VLAN 100 on port 6/1 on my CoreA 6513 and CoreB 6513. He will be bonded active/passive. I want him to use a default gateway of 10.10.10.1.
I need the FWSM to present the 10.10.10.1 ip address to the server on both the FWSMs. In the olden days (prior to FWSM) I would put an IP of 10.10.10.2 and a standby of 10.10.10.1 on CoreA and an IP of 10.10.10.3 and a standby of 10.10.10.1 on CoreB to make this happen.
On both FWSM I have created interface VLAN 100 with name TrafficCtrlA. On FWSM A I put IP 10.10.10.2/24 standby 10.10.10.1 and on FWSM B I put IP 10.10.10.3/24 standby 10.10.10.1.
I can add the failover lan unit primary command but then when I add the failover lan interface (if_name) vlan (vlan) part, I get an error that says the interface already exists. Of course it does! I just added it!
On both FWSM A and B, you need to configure the IP address of TrafficCtrlA as
ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2. Yes, both have the same config.
Therefore, whoever is active will use IP 10.10.10.1 and the other (standby) will use 10.10.10.2.
If TrafficCtrlA is used as the server's gateway, it's a normal interface and cannot be used as the failover link. Here is what the doc says: "The failover link uses a special VLAN interface that you do not configure as a normal networking interface;"
Please follow the config guide for more detailed info.
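
An added example, not part of the thread or of Cisco's documentation: a small Python check for the two points in the answer above, that the failover VLAN must not also exist as a normal interface and that both units carry the same ip address/standby line. The sample configs are constructed; the `fover` interface name and VLAN 10 are assumptions.

```python
import re

# Constructed sample configs (not from the thread). The "fover" name and VLAN 10
# are assumptions; VLAN 100, TrafficCtrlA and the addresses follow the posts.
UNIT_A_BAD = """\
interface Vlan100
 nameif TrafficCtrlA
 ip address 10.10.10.2 255.255.255.0 standby 10.10.10.1
failover lan unit primary
failover lan interface TrafficCtrlA vlan 100
"""
UNIT_B_BAD = UNIT_A_BAD.replace("10.10.10.2 255", "10.10.10.3 255").replace("primary", "secondary")
UNIT_A_GOOD = """\
interface Vlan100
 nameif TrafficCtrlA
 ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
failover lan unit primary
failover lan interface fover vlan 10
"""
UNIT_B_GOOD = UNIT_A_GOOD.replace("primary", "secondary")

def data_interfaces(cfg):
    """Map VLAN id -> 'ip address ...' line for each normal interface stanza."""
    out, vlan = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface vlan\s*(\d+)", line, re.I)
        if m:
            vlan = int(m.group(1))
            out[vlan] = None
        elif not line.startswith(" "):
            vlan = None  # left the interface stanza
        elif vlan is not None and line.strip().startswith("ip address"):
            out[vlan] = line.strip()
    return out

def failover_vlan_conflicts(cfg):
    """VLANs used by 'failover lan interface'/'failover link' that are also normal interfaces."""
    pattern = r"^failover (?:lan interface|link) \S+ vlan (\d+)"
    fo = {int(v) for v in re.findall(pattern, cfg, re.M | re.I)}
    return sorted(fo & set(data_interfaces(cfg)))

def address_mismatches(cfg_a, cfg_b):
    """VLANs whose 'ip address ... standby ...' line differs between the two units."""
    a, b = data_interfaces(cfg_a), data_interfaces(cfg_b)
    return sorted(v for v in a.keys() & b.keys() if a[v] != b[v])
```
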