Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
716
Views
0
Helpful
6
Replies

Configuration of the FWSM / PIX Blade

j.damsgaard
Level 1
Level 1

‎02-17-2004 02:20 PM - edited ‎02-20-2020 11:14 PM

I have searched high and low for a document which gives me a deeper understanding on configuring the FWSM together with the MSCF3 in my 6509 Switch.

Where is the Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module Installation and Configuration Guide. ???

I can only find til Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module Installation and Configuration Note. I suspect they are the same.

The Note only have very few and in my opnion insufficient configuration examples.

If any of You, have a link to a usefull document I would be thankfull.

0 Helpful
6 Replies 6

shamilton-wilkes
Level 3
Level 3

‎02-20-2004 07:56 PM

I found this to be the most useful doc:

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns304/c649/ccmigration_09186a008014efaf.pdf

Simon

0 Helpful

j.damsgaard
Level 1
Level 1
In response to shamilton-wilkes

‎02-25-2004 03:36 AM

Hello Simon

Thanks for taking time to reply to my answer, I can tell you that I in the meantime have my FWSM Module configurede and up and running.

I will use you link as a refrence dokument to verify my configuration

Jesper Damsgaard

0 Helpful

azharmd
Level 1
Level 1

‎07-20-2004 12:23 AM

Hi,

It seems to you have enough hands with switch as of now ? I would appreciate if you could assist me for the below request .

I have an task to configure FWSM in 6509 module with MSFC-Inside , i found the problem with ping from inside zone to DMZ (vice versa) and various DMZ's ... I have an ATM Flex module using PVC's in one VLAN while segregated with IP Segments .. and i want to enforce the seperate policy for individual segment. any valuable suggestions or links would be highly appreciated...

you can reach me at mazhar@ebttikar.com ....i appreciate your earliest feedback

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to azharmd

‎07-20-2004 09:35 AM

can't say anything without more details. configs and syslog needed.

0 Helpful

j.damsgaard
Level 1
Level 1
In response to azharmd

‎08-04-2004 03:39 AM

Hello mazhar

Are your still have problems, with your FWSM.

Let's take one thing at a time.

Do you have an acess-list on the inside interface, it's requied, to allow ping your could use the following acl's:

Inside interface

access-list inside permit icmp any any echo

access-list inside permit icmp any any echo-reply

access-list inside deny ip any any

access-group inside in in inside

DMZ interface(s)

access-list dmz permit icmp any any echo

access-list dmz permit icmp any any echo-reply

access-list dmz deny ip any any

access-group dmz in in dmz

This setup combined with your exsisting ACL's will allow ping between your inside interface and your dmz's and vice-versa.

This should solve your ping problems, I can't help you with ATM setup, we do not use ATM direkt in our

6509.

Jesper Damsgaard

Bankdata

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card