01-29-2003 09:00 AM - edited 03-09-2019 01:53 AM
Hello,
We are trying to install a Firewall Service Module in a Cat6k with Sup2 and MSFC2. We must do it with CatOS (7.5(1)).
MSFC2 works like an inside router and routes traffic between its connected vlans. Firewall module routes traffic between secure segments (inside-outside, dmz-outside, etc...)
But we don't know how to connect msfc with firewall module. In other words, we need a default route in msfc pointing to inside IP of the firewall.
You cannot configure a vlan in msfc if this vlan is a firewall-vlan, so how could we configure one vlan between msfc and firewall modules?
Thanks in advance.
02-04-2003 12:51 PM
I think it's possible to configure a firewall-Vlan; you must configure a controlled VLAN (SVI) on the MSFC or you will be unable to configure VLANs on the module. For a complete configuration step take a look at the following URL
02-04-2003 06:44 PM
Are you sure you wouldn't connect to the outside interface? If you think of it logically you are going from LAN->router->outside->inside->LAN right?
If that's the case you need to use the outside VLAN and create a route from that network to the inside network's VLAN.
Say your inside VLAN is VLAN 10 and your outside VLAN is VLAN 20.
Your private inside LAN is 192.168.1.0/24
(Sorry, this is IOS, not CatOS, but you should see the idea)
!
firewall module 6 vlan-group 10
firewall vlan-group 10 10,20
!
interface GigabitEthernet1/2
 no ip address
 switchport
 switchport access vlan 10
!
interface Vlan10
 no ip address
!
interface Vlan20
 ip address 192.168.101.1 255.255.255.0
!
ip route 192.168.1.0 255.255.255.0 192.168.101.2
and in the FWSM PIX looks like this:
nameif vlan10 inside security100
nameif vlan20 outside security0
ip address inside 192.168.1.1 255.255.255.0
ip address outside 192.168.101.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.101.1 1
Whenever I need to get to the private LAN 192.168.1.0/24 I get routed through the 192.168.101.0/24 network, which is a network that's only used to route the traffic through the MSFC into the FWSM.
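A consistency check for the transit-VLAN layout in the reply above, as an added example that is not part of the original post: it parses the two snippets (reproduced inline as constructed sample input) and verifies that the MSFC static route and the FWSM default route point at each other across 192.168.101.0/24. The names `check_transit` and `iface` and the regex-based parsing are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample input: the relevant lines of the two configs in the post above.
MSFC_CFG = """\
interface Vlan10
 no ip address
interface Vlan20
 ip address 192.168.101.1 255.255.255.0
ip route 192.168.1.0 255.255.255.0 192.168.101.2
"""
FWSM_CFG = """\
nameif vlan10 inside security100
nameif vlan20 outside security0
ip address inside 192.168.1.1 255.255.255.0
ip address outside 192.168.101.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.101.1 1
"""

def iface(addr, mask):
    return ipaddress.ip_interface(f"{addr}/{mask}")

def check_transit(msfc_cfg, fwsm_cfg):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    # MSFC SVIs that carry an address (indented "ip address" lines only).
    svis = [iface(a, m) for a, m in
            re.findall(r"^[ \t]+ip address (\S+) (\S+)", msfc_cfg, re.M)]
    # FWSM interfaces keyed by their nameif name (inside, outside, ...).
    fw = {n: iface(a, m) for n, a, m in
          re.findall(r"^ip address (\S+) (\S+) (\S+)", fwsm_cfg, re.M)}

    for net, mask, hop in re.findall(r"^ip route (\S+) (\S+) (\S+)", msfc_cfg, re.M):
        hop = ipaddress.ip_address(hop)
        dest = ipaddress.ip_network(f"{net}/{mask}")
        if not any(hop in s.network for s in svis):
            problems.append(f"MSFC next hop {hop} is not on an SVI subnet")
        if hop not in {i.ip for i in fw.values()}:
            problems.append(f"MSFC next hop {hop} is not an FWSM address")
        if not any(i.network.subnet_of(dest) for i in fw.values()):
            problems.append(f"{dest} is not attached to the FWSM")

    for name, _net, _mask, hop in re.findall(
            r"^route (\S+) (\S+) (\S+) (\S+)", fwsm_cfg, re.M):
        hop = ipaddress.ip_address(hop)
        if name not in fw or hop not in fw[name].network:
            problems.append(f"FWSM gateway {hop} is off-subnet for {name}")
        elif hop not in {s.ip for s in svis}:
            problems.append(f"FWSM gateway {hop} is not an MSFC SVI address")
    return problems
```

An empty list for the sample input means the MSFC reaches 192.168.1.0/24 only through the FWSM outside address and the FWSM sends return traffic back to the Vlan20 SVI.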
02-11-2003 02:26 AM
Hello,
At last we have the solution, see above the steps for configuration:
1- Create routable VLAN interfaces in MSFC (interface vlan x) and put it to inactive state by shutdown.
2- Use "set vlan x firewall-vlan mod" to secure vlan x.
3- Make a reset in the firewall module. (This was the step that we did not know.)
4- Then, in MSFC, put vlan x to active state by "no shut".
Then, interface vlan 50 comes up and we have connectivity between MSFC and FWSM.
Thanks.