Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

FWSM Transparent routing

I have FWSM in 6509 running the latest firware. It is inside of my network so when I refer to "outside" I do not mean the Internet I mean outside of the FWSM but still on my internal network. I have a different Internet firewall.

I can ping the management interface from outside addresses and I can also manage the firewall from "outside". I can ping it from the inside workstation and manage it.

My issue is inside workstations can not go further than the FWSM and "outside" systems can not access the workstation even though I have opened up the firewall a I have been troubleshooting. (Keep in mind again that it isnt open to the Internet just my internal network)

<Client-VLAN31-192.168.30.3>

<Inside-VLAN31>

<FWSM MGMT IP 192.168.30.2>

<Outside - VLAN30- IP Address 192.168.30.1>

I thought with transparent I used the Outside VLAN IP of 192.168.30.1 as the gateway for my inside clients? I have also tried the MGMT IP and neither work.

Switch config

interface Vlan30

ip address 192.168.30.1 255.255.255.0

no ip unreachables

no ip proxy-arp

end

VLAN 31 is a VLAN but not set as an interface

Firewall config

interface Vlan30

nameif outside

bridge-group 2

security-level 0

!

interface Vlan31

nameif inside

bridge-group 2

security-level 100

!

interface BVI2

ip address 192.168.30.2 255.255.255.0

route outside 0.0.0.0 0.0.0.0 192.168.30.1 access-list outside extended permit tcp any any

access-list outside extended permit udp any any

access-group outside in interface outside

(I do realize that I have opened it up not a risk at the moment)

3 REPLIES
Community Member

Re: FWSM Transparent routing

I got it working once I looked at the syslogs. (Duh)

I got it to work by NAT but I guess I didnt think with transparent you needed to define NAT rule. I thought it just didnt need it. I was also getting ACL denies on the inside interface so once I opened up the inside it worked which I didnt think I needed to do.

Community Member

Re: FWSM Transparent routing

You *don't* need to define NAT w/transparent mode. However, on the FWSM (unlike PIX and ASA) you *do* need an ACL on the inside interface before you can pass traffic.

Community Member

Re: FWSM Transparent routing

Hello,

I have the same problem. I have put ACL with permit icmp any any and permit ip any any on both the inside and outside, and I still cannot ping or pass through the FWSM.

I have put icmp permit any outside command and icmp permit inside command as well

I am interested to know whether you have resloved the problem and how?

159
Views
0
Helpful
3
Replies
CreatePlease to create content