cat6500 msfc2 vpnsm and fwsm problem

c.karl
Level 1

I am trying to configure a cat6500 with two VPNSM and two FWSM in transparent mode with about 30 transparent firewall contexts. The FWSM works just fine, but I can't pass any traffic through the VPNSM.

I am trying to chain both modules.

client---vlan 700 ---| inside FWSM outside |--- vlan 701 ---| VPNSM | --- int vlan 702

This is the config:

firewall multiple-vlan-interfaces
firewall module 3 vlan-group 2
firewall vlan-group 2 700-702
! Client VLAN
vlan 700
 name TEST_CLIENT
! OUTSIDE Port of the FWSM
vlan 701
 name TEST_FW_OUTSIDE
!
vlan 702
 name TEST_CRYPTO
! VPNSM Config
interface GigabitEthernet5/1
 no ip address
 flowcontrol receive on
 flowcontrol send off
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,600,606,702,1002-1005
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet5/2
 no ip address
 flowcontrol receive on
 flowcontrol send off
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,106,701,1002-1005
 switchport mode trunk
 spanning-tree portfast trunk
!
! Here is my client connected
interface GigabitEthernet9/3
 no ip address
 switchport
 switchport access vlan 700
!
interface Vlan701
 no ip address
 crypto connect vlan 702
!
interface Vlan702
 ip address 192.168.230.254 255.255.255.0
 crypto map TEST
 crypto engine slot 5
!

The firewall context doesn't filter any traffic. When I start the VPN soft client, the session is established and DPD packets are sent from the MSFC. But I can't pass any traffic over the VPN connection. Where is the problem? Is my config too fancy?

Any ideas to solve this issue?

Thanks in advance...

1 Reply

c.karl
Level 1

I found the problem. I simply forgot to enable reverse-route injection in the appropriate crypto map:

crypto dynamic-map ROADWARRIOR 50
 description Remote Access VPN User XAUTH
 set security-association lifetime seconds 7200
 set transform-set SOFTCLIENT
 set isakmp-profile ROADWARRIOR
 reverse-route
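A missing `reverse-route` line is easy to overlook by eye in a config with many crypto maps, so a defender's habit is to audit the running config for it rather than discover it through failed traffic. The script below is an added example written for this thread, not code from the poster or from Cisco: it splits an IOS-style config into indented blocks, reports every `crypto dynamic-map` entry without `reverse-route`, and, mirroring the poster's working `interface Vlan702`, reports interfaces that apply a `crypto map` without a `crypto engine slot`. The function names and `SAMPLE_CONFIG` are assumptions; the sample is constructed from the poster's snippets plus a second, deliberately incomplete map.

```python
"""Audit a Cisco IOS-style config for crypto dynamic-map entries lacking
reverse-route injection, and for crypto-map interfaces lacking a crypto
engine slot. Added example; SAMPLE_CONFIG is constructed for the demo."""
import re

# Constructed sample: the poster's fixed dynamic-map, a second map that is
# still missing reverse-route, and the poster's VPNSM-facing SVI.
SAMPLE_CONFIG = """\
crypto dynamic-map ROADWARRIOR 50
 description Remote Access VPN User XAUTH
 set security-association lifetime seconds 7200
 set transform-set SOFTCLIENT
 set isakmp-profile ROADWARRIOR
 reverse-route
!
crypto dynamic-map PARTNER 10
 set transform-set SOFTCLIENT
!
interface Vlan702
 ip address 192.168.230.254 255.255.255.0
 crypto map TEST
 crypto engine slot 5
!
"""

DYNMAP_RE = re.compile(r"^crypto dynamic-map (\S+) (\d+)$")


def parse_blocks(config_text):
    """Split an IOS config into (header, [sub-commands]) blocks.

    A block starts at a non-indented line and collects the indented lines
    under it; a '!' separator or a blank line closes the current block.
    """
    blocks = []
    header, body = None, []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            if header is not None:
                blocks.append((header, body))
            header, body = None, []
            continue
        if line[0].isspace():
            if header is not None:
                body.append(line.strip())
        else:
            if header is not None:
                blocks.append((header, body))
            header, body = line, []
    if header is not None:
        blocks.append((header, body))
    return blocks


def dynamic_maps_without_rri(config_text):
    """Return 'NAME SEQ' for each crypto dynamic-map entry with no reverse-route."""
    missing = []
    for header, body in parse_blocks(config_text):
        m = DYNMAP_RE.match(header)
        if m and not any(cmd.startswith("reverse-route") for cmd in body):
            missing.append(f"{m.group(1)} {m.group(2)}")
    return missing


def crypto_map_interfaces_without_engine(config_text):
    """Return interfaces that apply a crypto map but name no crypto engine slot."""
    flagged = []
    for header, body in parse_blocks(config_text):
        if not header.startswith("interface "):
            continue
        has_map = any(cmd.startswith("crypto map ") for cmd in body)
        has_engine = any(cmd.startswith("crypto engine slot ") for cmd in body)
        if has_map and not has_engine:
            flagged.append(header.split(" ", 1)[1])
    return flagged


if __name__ == "__main__":
    # Run against the constructed sample; point it at a saved running-config to audit a real box.
    for entry in dynamic_maps_without_rri(SAMPLE_CONFIG):
        print(f"dynamic-map {entry}: no reverse-route (RRI disabled)")
    for intf in crypto_map_interfaces_without_engine(SAMPLE_CONFIG):
        print(f"{intf}: crypto map applied without crypto engine slot")
```

On the sample it reports only `PARTNER 10`, the map that repeats the poster's original omission; the fixed `ROADWARRIOR 50` and `Vlan702` pass. Feed it a `show running-config` capture to check all maps at once.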