[c-nsp] FWSM Question

Paul Stewart paul at paulstewart.org
Thu Mar 22 11:11:44 EST 2007


Thanks for the reply....

MSFC: 12.2(18)SXF7

We don't want to use NAT at all if it's possible .. my understanding from
reading is that it's an option or have I misunderstood this altogether?

For routing, with the MSFC and FWSM being in the same subnet (I believe this
is correct) then I haven't done any routing yet... I want to implement OSPF
across the "link" but wanted to prove layer3 first....

For ACL, I did put in the following and had no effect:

access-list outside extended permit ip any any
access-group outside in interface Outside
access-group outside out interface Outside

Thanks again,

Paul
 

-----Original Message-----
From: Voll, Scott [mailto:Scott.Voll at wesd.org] 
Sent: Thursday, March 22, 2007 12:03 PM
To: Paul Stewart; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] FWSM Question

To start with..... What version of IOS are you running on the MSFC?

Personally I would suggest upgrading your FWSM to 3.x code.  Much better and
has the look and feel of ASA 7.x code.

Is it that it's just not passing traffic?  If that's the problem you will
need three things:

NAT
Route
ACL

Scott

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
Sent: Thursday, March 22, 2007 8:29 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] FWSM Question

Hi folks....

I'm trying to get a FWSM module up and running... can't get communication
between the MSFC and the FWSM working yet.... figure I'm missing something
simple..

FWSM Version 2.3(2)
nameif vlan99 Outside security0
same-security-traffic permit inter-interface
mtu Outside 1500
ip address Outside xx.xx.248.1 255.255.255.248
interface Outside



firewall multiple-vlan-interfaces
firewall module 8 vlan-group 1
firewall vlan-group 1  66,99

interface Vlan99
 description FWSM
 ip address xx.xx.248.2 255.255.255.248



Am I missing something really simple here? ;)   This will be for management
and also for an outside interface ... finally it will also be used for OSPF
communication between FWSM and MSFC...

VLAN66 is up and running for inter-chassis failover (active/standby) and
works fine....

Thanks in advance,

Paul
