Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Sup720 communicating with fwsm

Hi, I have a 6509 switch with the Sup720 and a fwsm. I cannot get these two modules to communicate. When I ping the fwsm from the sup720 I get no response, and when I ping the sup720 from the fwsm I get no response. This is my first experience with the fwsm and the 6509 series switch.

I have added the vlans into the firewall so it can communicate with those and the interfaces have the correct ips.

the sup720 has ip 10.1.0.2 on vlan10

the fwsm has ip 10.1.0.1 on vlan10

I am just looking for some advice and any will be appreciated, this is holding up the upgrade to our network. Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Sup720 communicating with fwsm

Hi

Can you add the following in your config

icmp permit any "pix interface"

where pix interface is the name of the interface with the 10.1.0.1 ip address.

If this does not work can you send a copy of your config.

HTH

Jon

7 REPLIES
Hall of Fame Super Blue

Re: Sup720 communicating with fwsm

Hi

Can you add the following in your config

icmp permit any "pix interface"

where pix interface is the name of the interface with the 10.1.0.1 ip address.

If this does not work can you send a copy of your config.

HTH

Jon

New Member

Re: Sup720 communicating with fwsm

Ok, so that last post fixed my problem but now I have one more. Traffic is bypassing the firewall module and going straight out of the switch. If anyone has any ideas on this I would appreciate the help, thank you!

Hall of Fame Super Blue

Re: Sup720 communicating with fwsm

Hi

Coudl you send some more details as to how you have setup your FWSM etc and how you know traffic is bypassing the FWSM.

If traffic is not going through the FWSM it sounds the MSFC is routing traffic around it.

Jon

New Member

Re: Sup720 communicating with fwsm

you probably created more than one SVI's. Other than the one inside interface, which in your case is vlan 10. For any other vlans on your FWSM, you do NOT want to create layer 3 vlan interfaces in IOS.

New Member

Re: Sup720 communicating with fwsm

On my 6500 & FWSM, I configured the FWSM is routed mode. Each firewall interface is actually a vlan that sits on the 6500. To link a vlan to your FWSM, you need to use the firewall vlan-group command. So for example, if you have vlan 100 as your Inside interface and vlan 101 as the outside interface, you would use the command (config)#firewall vlan-group 1 100,101.

This will link those vlans to the FWSM. You can then go into the fwsm and link a firewall interface to one of those vlans. You need to do the same if you want to create DMZ interfaces and have them link to vlans.

Once that is done, I just created a static default route to the "inside" interface of the FWSM, thus forcing all of my traffic to go through the firewall.

Hopefully that will give you some ideas.

New Member

Re: Sup720 communicating with fwsm

Hi Dear

My name is Ibrahim and i want your help as you configured FWSM before, in my work i have 6509-E switch with sup720 & FWSM & i already created 5 Vlans on the switch & i need those Vlans to talk to each other through the FWSM SO PLEASE advice me about the design that i should work with (summary steps)

my e-mail is:

ib_cims@yahoo.com

Hall of Fame Super Blue
181
Views
0
Helpful
7
Replies