Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
383
Views
0
Helpful
2
Replies

FWSM together switch 6500

Go to solution
r-barbosa
Level 1
Level 1

‎09-21-2009 08:20 PM - edited ‎03-09-2019 10:35 PM

I am configuring a cisco 6509 switch with FWSM, but this a bit confusing to implement. I am following the following documentation http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00808b4d9f.shtml, however following the following configuration did not work. I would check if my understanding is correct. The FWSM firewall is like a part not working together with the switch, from what I saw on the configuration of the FWSM example conversation with the switch through a specific VLAN, and not together, am I correct? if so created because the configuration is incorrect? The next setting below.

switch 6500

interface vlan 10

ip address 192.168.10.1 255.255.255.0

FWSM

interface vlan 10

nameif outside

security-level 0

ip address 192.168.10.2 255.255.255.0

interface vlan 20

nameif inside

security-level 100

ip address 172.16.10.1 255.255.255.0

interface vlan 30

nameif dmz

security-level 60

ip address 172.16.20.1 255.255.255.224

not create any of the VLANs 10,20 and 30 on the switch 6500.

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎09-22-2009 07:51 AM

Ricardo

"not create any of the VLANs 10,20 and 30 on the switch 6500."

All vlans must exist at L2 on the 6500. So if you do a "sh vlan" on the 6500 you should see vlans 10,20,30. If you don't then your setup will not work.

In addition you must have a L3 vlan interface for the outside interface which indeed you have from your config ie. -

switch 6500

interface vlan 10

ip address 192.168.10.1 255.255.255.0

But you must not have a L3 vlan interface for vlans 10 & 20.

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎09-22-2009 07:51 AM

Ricardo

"not create any of the VLANs 10,20 and 30 on the switch 6500."

All vlans must exist at L2 on the 6500. So if you do a "sh vlan" on the 6500 you should see vlans 10,20,30. If you don't then your setup will not work.

In addition you must have a L3 vlan interface for the outside interface which indeed you have from your config ie. -

switch 6500

interface vlan 10

ip address 192.168.10.1 255.255.255.0

But you must not have a L3 vlan interface for vlans 10 & 20.

Jon

0 Helpful

Go to solution
r-barbosa
Level 1
Level 1
In response to Jon Marshall

‎09-23-2009 07:55 AM

Hi john

Its my configuration is correct. the error was in command "nat-control". I'm using routing only, no nat. I entered the command "no nat-control" and resolved.

regards.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents