02-17-2004 02:20 PM - edited 02-20-2020 11:14 PM
I have searched high and low for a document which gives me a deeper understanding on configuring the FWSM together with the MSCF3 in my 6509 Switch.
Where is the Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module Installation and Configuration Guide. ???
I can only find til Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module Installation and Configuration Note. I suspect they are the same.
The Note only have very few and in my opnion insufficient configuration examples.
If any of You, have a link to a usefull document I would be thankfull.
02-20-2004 01:13 PM
02-20-2004 07:56 PM
I found this to be the most useful doc:
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns304/c649/ccmigration_09186a008014efaf.pdf
Simon
02-25-2004 03:36 AM
Hello Simon
Thanks for taking time to reply to my answer, I can tell you that I in the meantime have my FWSM Module configurede and up and running.
I will use you link as a refrence dokument to verify my configuration
Jesper Damsgaard
07-20-2004 12:23 AM
Hi,
It seems to you have enough hands with switch as of now ? I would appreciate if you could assist me for the below request .
I have an task to configure FWSM in 6509 module with MSFC-Inside , i found the problem with ping from inside zone to DMZ (vice versa) and various DMZ's ... I have an ATM Flex module using PVC's in one VLAN while segregated with IP Segments .. and i want to enforce the seperate policy for individual segment. any valuable suggestions or links would be highly appreciated...
you can reach me at mazhar@ebttikar.com ....i appreciate your earliest feedback
07-20-2004 09:35 AM
can't say anything without more details. configs and syslog needed.
08-04-2004 03:39 AM
Hello mazhar
Are your still have problems, with your FWSM.
Let's take one thing at a time.
Do you have an acess-list on the inside interface, it's requied, to allow ping your could use the following acl's:
Inside interface
access-list inside permit icmp any any echo
access-list inside permit icmp any any echo-reply
access-list inside deny ip any any
access-group inside in in inside
DMZ interface(s)
access-list dmz permit icmp any any echo
access-list dmz permit icmp any any echo-reply
access-list dmz deny ip any any
access-group dmz in in dmz
This setup combined with your exsisting ACL's will allow ping between your inside interface and your dmz's and vice-versa.
This should solve your ping problems, I can't help you with ATM setup, we do not use ATM direkt in our
6509.
Jesper Damsgaard
Bankdata
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide