I am trying to configure a cat6500 with two VPNSM and two FWSM in transparent mode with about 30 transparent firewall contexts. The FWSM just works fine, but I can't pass any traffic through the VPNSM.
I am trying to chain both modules.
client---vlan 700 ---| inside FWSM outside |--- vlan 701 ---| VPNSM | --- int vlan 702
That is the config:
firewall multiple-vlan-interfaces
firewall module 3 vlan-group 2
firewall vlan-group 2 700-702
! Client VLAN
vlan 700
 name TEST_CLIENT
! OUTSIDE Port of the FWSM
vlan 701
 name TEST_FW_OUTSIDE
!
vlan 702
 name TEST_CRYPTO
! VPNSM Config
interface GigabitEthernet5/1
 no ip address
 flowcontrol receive on
 flowcontrol send off
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,600,606,702,1002-1005
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet5/2
 no ip address
 flowcontrol receive on
 flowcontrol send off
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,106,701,1002-1005
 switchport mode trunk
 spanning-tree portfast trunk
!
! Here is my client connected
interface GigabitEthernet9/3
 no ip address
 switchport
 switchport access vlan 700
!
interface Vlan701
 no ip address
 crypto connect vlan 702
!
interface Vlan702
 ip address 192.168.230.254 255.255.255.0
 crypto map TEST
 crypto engine slot 5
!
The firewall context doesn't filter any traffic. When I start the VPN softclient the session will be established and DPD packets are sent from the MSFC. But I can't pass any traffic over the VPN connection. Where is the problem? Is my config too fancy?
Any ideas to solve this issue?
Thanks in advance...