I have the following Inquiry, as the below Question and answer. can Anyone help me how can I terminate a VPN connection using the switch ? what are the requirements ? is there any link that elaborate that?
Q. Can I terminate VPN connections on my FWSM?
A. VPN functionality is not supported on the FWSM except for management connections terminating on the FWSM. Termination of VPN connections for traffic flowing through the FWSM should be performed on the switch and/or VPN Services Module.
correct. VPN site to site can only access the FWSM interface IP address and nothing else behind the FWSM. Meaning you can only use it for management purpose.
Here is the link:
ok thanks for the clarification but what is the other solution if we want to site-to-site vpn and remote access vpn to access the servers behind the FWSM ?
If you want to terminate the VPN's on the 6500 you will need one of these -
Obviously you could also use a standalone ASA device if you wanted.
now we have installed the VPN services modules in the 7609. what's the next step ? do we configure the Site to site VPN on the fwsm as we used to it on the PIX ?
thanks in advance.
After installing and configuring the fwsm, module, we have installed the VPN services module,
can you please provide me a documentation on how to configure it taking into the consideration the existence of the fwsm in the chassis?
Thanks Srue for your prompt response. I have already this link but i wasn't able to figure out how to configure my VPN in my case.
you can see below my FWSM configuration:
description INTERNET CONNECTION
ip address x.x.x.x 255.255.255.248 standby x.x.x.x
and the Switch Configuration:
description Connection to the internet
switchport mode access
switchport access vlan 601
your help to guide me through the rest of the configuration is appreciated !!
Just let me tell you our target. It is to migrate our 535 PIX Firewalls to the new 7609 FWSM along with the VPN service modules.
The output of "show module" shows indeed that the module was recognized and it's ok.
7 2 IPsec VPN Accelerator WS-SVC-IPSEC-1