I have an MSFC and FWSM in a 6509. Following the Cisco doco, i created vlan 55 in the sup and assigned it to the firewall via the firewall-vlan command. To complete the SVI i assigned vlan 55 to the MSFC (int vlan 55) and issued it an address. Cisco doco says that int vlan55 should now show up/up and be of hardware type ethersvi. My MSFC says vlan55 is down/down of hardware type RP virtual ethernet. Am i missing a step?
Are you doing this in a Native switch or a hybrid one.
When configuring the FWSM in a Hybrid environment (CatOS on the switch + IOS on the MSFC), make sure you first configure the secure VLANs on the switch (set vlan firewall ) before performing any VLAN interface configuration on the MSFC. Save the MSFC configuration before rebooting the MSFC. Failing to save the config may result in the impossibility to add new secure VLAN interfaces to the MSFC later on.
Thanks for that. Sure enough we are using hydrid mode. I had followed the steps you describe and still didnt have any joy. Then i found out that configuring an SVI under catos requires an undocumented additional argument. To assign the svi vlan under catos i needed to issue (set vlan firewall msfc-fwsm-interface).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...