Cisco Support Community

New Member

FWSM in Core6509

Hi. I've configured a FWSM with a Core6509 and I have this problem.

In the Core I configured a Vlan90. The procedure was: Vlan Database --> VLAN90 name DMZ1 --> VLAN90 state active --> exit. Next I ran these commands: firewall vlan-group 90 90 --> firewall module 4 vlan-group 90, and that was OK (in module 4 I have the FWSM card).

Now, I go to the FWSM and I type these commands: nameif Vlan90 DMZ1 security 20 --> access-list dmz1_in (in this part I wrote all the rules) --> ip address dmz1 a.b.c.d a.b.c.d --> icmp permit any dmz1 --> nat (dmz1) 0 --> static (dmz1, outside) (in this part I write the permissions for the other VLANs) --> interface dmz1 --> no shutdown.

In the Core6509 I marked a port with the VLAN number (Interface giga9/33 --> switchport access vlan 90) and to this interface I connected a PC with an IP address.

What is my problem: from the FWSM and from the Core6509, the ping to the PC is not possible. It is as if the communication between the FWSM and the Core6509 doesn't exist. I don't know. Can anybody help me with this problem? I hope this explanation is clear. Thanks.

Francisco Velasco. Medellin - Colombia


Re: FWSM in Core6509

By default on FWSM, ANY communication between interfaces is denied.

First of all, you must add an access-list for the inside interface.

New Member

Re: FWSM in Core6509

Hi. Thanks for your answer. You are right about that, but at the end of the access list there is this line --> access-list dmz1_in extended permit icmp any any

Is this not enough??

Thanks a lot.

Re: FWSM in Core6509

Could you post your FWSM config?
