
FWSM w/ Multiple CXT understanding..

Not applicable

I am trying to get my config working with 6500 and Virtual FWs with an FWSM.

My first issue is that I cannot even ping from my VLAN5 outside interface, which was created in the MSFC and has been allocated to the FWSM admin cxt 'outside' interface. I'm not sure if I need to set up static(inside,outside) mappings on the admin context? VLANs 10 & 20 have also been allocated to the FWSM module but I'm stuck. Can someone please advise on how I can get IP connectivity through VLAN 5 (admin cxt) down to VLAN 10 inside (customer-a) cxt?

Display vlan-groups created by both ACE module and FWSM

Group    Created by    vlans
-----    ----------    -----
1        FWSM          5,10,20
5        FWSM          <empty>
10       FWSM          <empty>
20       FWSM          <empty>

6504-B#show firewall mod
Module    Vlan-groups
------    -----------
04        1,5,10,20

6504-B#

===========================

FWSM config below

FWSM-B# sho context
Context Name    Class      Interfaces      Mode      URL
*admin          default    Vlan5           Routed    disk:/admin.cfg
 customer-a     default    Vlan10,Vlan5    Routed    disk:/cust-a.cfg

Total active Security Contexts: 2
FWSM-B#

+++++++++++++++++++++++++++++++++++++++

Admin context

FWSM-B/admin# sho run
: Saved
:
FWSM Version 3.2(2) <context>
!
hostname FWSM-B
enable password xxx
names
!
interface Vlan5
 nameif outside
 security-level 0
 ip address 10.0.0.2 255.255.255.0
!
passwd xxx
access-list 101 extended permit icmp any any
pager lines 24
mtu outside 1500
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
aaa authentication http console LOCAL
http server enable
http 10.0.0.0 255.255.255.255 outside
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh timeout 5
!
class-map inspection_default
 match default-inspection-traffic
class-map default
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect skinny
  inspect smtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:xxx
: end
FWSM-B/admin#

thanks,

Al

1 Reply

yongl
Level 1

Hi,

Please add 'icmp permit any outside' in FWSM configuration.
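
An added example, not part of the original thread: a small Python check that reads one context's running-config and reports interfaces without the `icmp permit ... <if_name>` rule suggested in the reply, plus any access-list that no `access-group` applies (as with `access-list 101` in the posted admin context). The function name `audit_context` and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the admin-context config posted above.
SAMPLE_CONFIG = """\
interface Vlan5
 nameif outside
 security-level 0
 ip address 10.0.0.2 255.255.255.0
!
access-list 101 extended permit icmp any any
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
"""


def audit_context(config):
    """Return a list of findings for one FWSM context running-config."""
    nameifs, icmp_ok, acls, bound = [], set(), set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"nameif (\S+)$", line):
            nameifs.append(m.group(1))
        # 'icmp permit <source> [icmp_type] <if_name>' covers pings to the
        # interface address itself (the fix given in the reply).
        elif m := re.match(r"icmp permit .* (\S+)$", line):
            icmp_ok.add(m.group(1))
        elif m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
        # An access-list only filters through-traffic once an access-group
        # binds it to an interface.
        elif m := re.match(r"access-group (\S+) (?:in|out) interface \S+$", line):
            bound.add(m.group(1))
    findings = []
    for name in nameifs:
        if name not in icmp_ok:
            findings.append(f"no 'icmp permit' rule for interface '{name}'")
    for acl in sorted(acls - bound):
        findings.append(f"access-list {acl} is not applied by any access-group")
    return findings


if __name__ == "__main__":
    for finding in audit_context(SAMPLE_CONFIG):
        print(finding)
```
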
