
New Member

logical int on fwsm

Hi, given below is the ver and the interface. How can we create a logical interface, e.g. inside, outside & dmz?

I've tried binding the int gb-ethernet0 to outside, int gb-ethernet1 to inside using nameif command but to no avail. Any idea? TIA.

FWSM# show ver

FWSM Firewall Version 2.3(4)

FWSM Device Manager Version 4.1(3)

Compiled on Tue 18-Apr-06 20:28 by dalecki

FWSM up 23 hours 31 mins

Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz

Flash ♦04-29-05STI Flash 7.2.0 @ 0xc321, 20MB

0: gb-ethernet0: irq 5

1: gb-ethernet1: irq 7

2: ethernet0: irq 11

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES: Enabled

Maximum Interfaces: 256

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Throughput: Unlimited

ISAKMP peers: Unlimited

Security Contexts: 2

This machine has an Unrestricted (UR) license.

Serial Number: SAD103805F5

Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000

Configuration has not been modified since last system restart.

FWSM# show int

Interface eobc "eobc", is up, line protocol is up

MAC address 0000.1700.0000, MTU 1500

New Member

Re: logical int on fwsm

You will need to create some layer 2 interfaces and allocate them in the context build - you cannot allocate the physical interfaces; in routed mode anyway.

New Member

Re: logical int on fwsm

Can you redirect me to the right URL? TIA.


Re: logical int on fwsm


It doesn't sound like you've assigned any VLANs to the firewall module. If you follow this link here:

It will walk you through some of the commands.

Basically, it boils down to this: on the switch, you need to define a group of VLANs to pass to the module. Example:

Router(config)# firewall vlan-group 52 100

creates a vlan group named '52' with vlan 100 in it

Router(config)# firewall module 5 vlan-group 52

assigns vlan group 52 to firewall module 5.


New Member

Re: logical int on fwsm

I did that. After binding the FWSM to the vlan-group, what's the next task? TIA.

New Member

Re: logical int on fwsm

From the FWSM system space, you must assign virtual interfaces to the contexts where you want to use them. Example:

context admin

description Admin Context

allocate-interface Vlan8

allocate-interface Vlan9

config-url disk:/admin.cfg

After that, change to the context and you will see interfaces that you can now assign addresses and security levels to.
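
The two steps described in the replies above (passing a VLAN group to the module on the switch, then allocating VLAN interfaces to a context) have to agree with each other. As an added example that is not part of the original thread, this Python check compares the two configurations and reports VLANs allocated to a context that the switch never passes to the module. The sample configs are constructed, the function names are hypothetical, and the parser also accepts range syntax such as 55-57 in VLAN lists, which goes beyond the single-VLAN example in the thread.

```python
import re

def expand(spec):
    """Expand a list such as '55-57,100' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def vlans_for_module(switch_cfg, module):
    """VLANs the switch passes to the firewall module in the given slot."""
    groups, assigned = {}, set()
    for line in switch_cfg.splitlines():
        m = re.match(r"\s*firewall vlan-group (\d+) (\S+)", line)
        if m:
            groups.setdefault(int(m.group(1)), set()).update(expand(m.group(2)))
        m = re.match(r"\s*firewall module (\d+) vlan-group (\S+)", line)
        if m and int(m.group(1)) == module:
            assigned |= expand(m.group(2))
    return set().union(*(groups.get(g, set()) for g in assigned))

def allocated_vlans(fwsm_system_cfg):
    """Map context name -> VLAN IDs named in its allocate-interface lines."""
    ctxs, current = {}, None
    for line in fwsm_system_cfg.splitlines():
        m = re.match(r"\s*context (\S+)", line)
        if m:
            current = m.group(1)
            ctxs[current] = set()
            continue
        m = re.match(r"\s*allocate-interface [Vv]lan(\d+)", line)
        if m and current:
            ctxs[current].add(int(m.group(1)))
    return ctxs

def missing_on_switch(switch_cfg, module, fwsm_system_cfg):
    """Per context: VLANs allocated on the FWSM but not passed to the module."""
    passed = vlans_for_module(switch_cfg, module)
    alloc = allocated_vlans(fwsm_system_cfg)
    return {c: sorted(v - passed) for c, v in alloc.items() if v - passed}

# Constructed sample configs (not taken from the poster's device).
SWITCH_CFG = "firewall vlan-group 52 8,100\nfirewall module 5 vlan-group 52\n"
FWSM_CFG = "context admin\n allocate-interface Vlan8\n allocate-interface Vlan9\n"
if __name__ == "__main__":
    print(missing_on_switch(SWITCH_CFG, 5, FWSM_CFG))
```
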



Re: logical int on fwsm

Are you in single or multiple mode?


New Member

Re: logical int on fwsm

Thank you guys for your info. After playing around with the FWSM, I was finally able to hop the initial ropes. Presently our client has only one FWSM; if we go to router mode, all the server gw should point to this. There are more or less 100 servers; just imagine the task if the FWSM fails. Transparent sounds more appealing, but what about the pros and cons? If the FWSM fails, will it disrupt the traffic towards outside? Any idea? TIA.
