Cisco Support Community
New Member

IPSec VPN using FWSM possible?

Hi,

Is it possible to configure a 6500 FWSM module to allow a Windows-based IPsec VPN to terminate on it and allow access to the protected inside network?

The documentation for the FWSM talks about configuring the FWSM for remote access and management using a VPN, but it does not mention anything about having the VPN into the protected network.

Please point me to any links on CCO.

Thanks,

Vasanth

5 REPLIES
Silver

Re: IPSec VPN using FWSM possible?

No, you can't:

From: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_qanda_item09186a00801e9e26.shtml#q25

Q. Can I terminate VPN connections on my FWSM?

A. VPN functionality is not supported on the FWSM. Termination of VPN connections is the responsibility of the switch and/or VPN Services Module. The 3DES license is provided for management purposes only, such as connecting to a low-security interface via Telnet, Secure Shell (SSH), and Secure HTTP (HTTPS).

Did it help?

New Member

Re: IPSec VPN using FWSM possible?

Thanks for the reply. The link you gave clearly says it is not supported.

But the documentation at the link below talks about creating a site-to-site tunnel... what does that mean?

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_2/fwsm_cfg/access.htm#wp1144881

-- Vasanth

Silver

Re: IPSec VPN using FWSM possible?

Hi again Vasanth,

They are talking about establishing a VPN tunnel to another device, for example a PIX or VPN concentrator, to enable remote management through this other device.

As this link says at the second paragraph:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_2/fwsm_cfg/access.htm#wp1143031

"The FWSM can connect to another VPN concentrator, such as a Cisco PIX firewall or a Cisco IOS router, using a site-to-site tunnel. You specify the peer networks that can communicate over the tunnel. In the case of the FWSM, the only address available on the FWSM end of the tunnel is the interface itself."

Make sure you understand the last sentence in this paragraph...

Did it help?

New Member

Re: IPSec VPN using FWSM possible?

Thanks. Convinced that I will have to use another device on either end of the tunnel to have an IPSec VPN.

But, my problem is still not solved :(

LAN --- Private network inside context --- fwsm outside context ---- 3550 --- WAN Link --- 3550 ---- 6500 ----LAN

I need to provide an IPSec VPN between these two LANs.

I don't think any of the devices involved in this topology here support IPSec VPN.

What do I do?

-- Vasanth

Silver

Re: IPSec VPN using FWSM possible?

Well, it's really simple...

Add the devices you'll need to accomplish the IPSec VPN. You are right, none of the components you have will let you do IPSec VPN (at least not without some help to accomplish throughput)...

Either add a VPNSM (or the more fancy SPA-IPSEC solutions..) in each 6500 or insert a properly sized VPN-device at each side...

Did it help?
