Cisco Support Community
New Member

FWSM together switch 6500

I am configuring a Cisco 6509 switch with FWSM, but this is a bit confusing to implement. I am following this documentation: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00808b4d9f.shtml. However, following that configuration did not work. I would like to check if my understanding is correct. The FWSM firewall is like a part not working together with the switch; from what I saw in the configuration example, the FWSM converses with the switch through a specific VLAN, and not together. Am I correct? If so, why is the configuration incorrect? The settings are below.

switch 6500

interface vlan 10

ip address 192.168.10.1 255.255.255.0

FWSM

interface vlan 10

nameif outside

security-level 0

ip address 192.168.10.2 255.255.255.0

interface vlan 20

nameif inside

security-level 100

ip address 172.16.10.1 255.255.255.0

interface vlan 30

nameif dmz

security-level 60

ip address 172.16.20.1 255.255.255.224

I did not create any of the VLANs 10, 20 and 30 on the switch 6500.

Regards

1 ACCEPTED SOLUTION

Hall of Fame Super Blue

Re: FWSM together switch 6500

Ricardo

"not create any of the VLANs 10,20 and 30 on the switch 6500."

All vlans must exist at L2 on the 6500. So if you do a "sh vlan" on the 6500 you should see vlans 10,20,30. If you don't then your setup will not work.

In addition you must have an L3 vlan interface for the outside interface, which indeed you have from your config, i.e.:

switch 6500

interface vlan 10

ip address 192.168.10.1 255.255.255.0

But you must not have a L3 vlan interface for vlans 10 & 20.

Jon
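The checks described in the answer above (every FWSM VLAN present at L2 on the 6500, an SVI on the outside VLAN) can be run over saved configs before cutover. This is an added example, not part of the thread or of Cisco's documentation; the function names and sample configs are constructed, and it assumes the switch text includes its `vlan` definitions and that only the outside VLAN should have an SVI on the switch.

```python
import re

# Constructed sample configs using the thread's VLAN numbers; not device output.
# Assumes VLAN definitions appear in the switch text (e.g. VTP transparent mode).
SWITCH_CFG = """\
vlan 10
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
interface Vlan20
 ip address 172.16.10.254 255.255.255.0
"""
FWSM_CFG = """\
interface Vlan10
 nameif outside
interface Vlan20
 nameif inside
interface Vlan30
 nameif dmz
"""

def l2_vlans(cfg):
    """VLAN IDs defined at layer 2 ('vlan 10' or 'vlan 10,20,30-32')."""
    ids = set()
    for spec in re.findall(r"(?im)^vlan\s+([\d,-]+)\s*$", cfg):
        for part in filter(None, spec.split(",")):
            lo, _, hi = part.partition("-")
            ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def svis(cfg):
    """VLAN IDs with a layer 3 'interface Vlan<N>' on the switch."""
    return {int(n) for n in re.findall(r"(?im)^interface\s+vlan\s*(\d+)\s*$", cfg)}

def fwsm_vlans(cfg):
    """Map each FWSM VLAN ID to its nameif."""
    pairs = re.findall(r"(?im)^interface\s+vlan\s*(\d+)\s*\n\s*nameif\s+(\S+)", cfg)
    return {int(n): name for n, name in pairs}

def audit(switch_cfg, fwsm_cfg, outside="outside"):
    """Return (vlan, nameif, problem) tuples; an empty list means consistent."""
    findings = []
    l2, l3 = l2_vlans(switch_cfg), svis(switch_cfg)
    for vid, name in sorted(fwsm_vlans(fwsm_cfg).items()):
        if vid not in l2:
            findings.append((vid, name, "VLAN missing at L2 on the switch"))
        if name == outside and vid not in l3:
            findings.append((vid, name, "outside VLAN has no SVI on the switch"))
        if name != outside and vid in l3:  # assumption: only outside gets an SVI
            findings.append((vid, name, "switch SVI routes around the FWSM"))
    return findings
```

An SVI on an inside or DMZ VLAN matters for security as well as reachability: the switch can then route that subnet directly, so traffic never crosses the firewall's policy.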

New Member

Re: FWSM together switch 6500

Hi Jon

My configuration is correct. The error was in the command "nat-control". I'm using routing only, no NAT. I entered the command "no nat-control" and it was resolved.

Regards.