https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557245#M600554 <HTML><HEAD></HEAD><BODY><P>Sure thing</P><P></P><P>we have a virtual cluster</P><P>and currently a single esx host connected to a</P><P>physical cisco switch then from the switch to the firewall.</P><P>the firewall has 3 interfaces for 3 different networks</P><P>10.0.20.0/24, 10.0.30.0/24 and 10.0.40.0/24</P><P>which are going to simulate INT, EXT, and DMZ</P><P>the switch has the routing disabled and configured</P><P>on trunk port from the vm environment and the 3 ports</P><P>with the different vlan for the 3 different networks.</P><P>either I can ping everything with ICMP being permitted</P><P>or I can't ping anything with it being blocked.</P><P>vlan's have an ip of .1 firewall interfaces have an ip of .2</P><P>and each test system has an ip of .3. I am trying to get a basic</P><P>firewall config to allow all outbound from INT to pass and DMZ to gout but not in</P><P>and nothing to come in from EXT. Also can anyone explain to me why a switch needs a default gateway when ip routing is disabled?</P></BODY></HTML> Wed, 20 Oct 2010 15:52:22 GMT eduardo.aquino 2010-10-20T15:52:22Z https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557243#M600552 <P>We have a vm environment and then a physical switch and a firewall</P><P>can't seem to get it to work</P><P>need some assistance and I am trying to learn what is going on</P> Mon, 11 Mar 2019 18:57:26 GMT https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557243#M600552 eduardo.aquino 2019-03-11T18:57:26Z https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557244#M600553 <HTML><HEAD></HEAD><BODY><P>Eduardo,</P><P></P><P>Start with bascis - topology diagram and IP schema. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>What is working, what is not working (pings, http, dns?)?</P><P></P><P>Marcin</P></BODY></HTML> Wed, 20 Oct 2010 15:07:29 GMT https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557244#M600553 Marcin Latosiewicz 2010-10-20T15:07:29Z https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557245#M600554 <HTML><HEAD></HEAD><BODY><P>Sure thing</P><P></P><P>we have a virtual cluster</P><P>and currently a single esx host connected to a</P><P>physical cisco switch then from the switch to the firewall.</P><P>the firewall has 3 interfaces for 3 different networks</P><P>10.0.20.0/24, 10.0.30.0/24 and 10.0.40.0/24</P><P>which are going to simulate INT, EXT, and DMZ</P><P>the switch has the routing disabled and configured</P><P>on trunk port from the vm environment and the 3 ports</P><P>with the different vlan for the 3 different networks.</P><P>either I can ping everything with ICMP being permitted</P><P>or I can't ping anything with it being blocked.</P><P>vlan's have an ip of .1 firewall interfaces have an ip of .2</P><P>and each test system has an ip of .3. I am trying to get a basic</P><P>firewall config to allow all outbound from INT to pass and DMZ to gout but not in</P><P>and nothing to come in from EXT. Also can anyone explain to me why a switch needs a default gateway when ip routing is disabled?</P></BODY></HTML> Wed, 20 Oct 2010 15:52:22 GMT https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557245#M600554 eduardo.aquino 2010-10-20T15:52:22Z https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557246#M600555 <HTML><HEAD></HEAD><BODY><P>Eduardo,</P><P></P><P>ip default-gateway is used to manage switch, it's not there for routing of packets.</P><P></P><P>Can you attach "show run" from ASA and enable logging on informational level to buffer, do the test and extract "show logg" output?</P><P></P><P>----------</P><P>logg on</P><P>logg buffered info</P><P>logg buffer-size 1000000</P><P>----------</P><P></P><P>If the output of "show logg" is too big you can tailor it by doing "show logg | i IP_ADDR"</P><P></P><P>Marcin</P></BODY></HTML> Wed, 20 Oct 2010 16:00:11 GMT https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557246#M600555 Marcin Latosiewicz 2010-10-20T16:00:11Z https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557247#M600556 <HTML><HEAD></HEAD><BODY><P>ok</P><P>I'll work on getting you the config and the buffer/log info</P><P></P><P>And what do you mean its for managing switch.</P><P>because i am being told that it directing traffic</P><P>on the gateway</P></BODY></HTML> Wed, 20 Oct 2010 16:28:04 GMT https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557247#M600556 eduardo.aquino 2010-10-20T16:28:04Z https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557248#M600557 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Regular packets from a host going to the internet are not going to be routed using that default gateway. That default gateway will be used if you are doing telnet to the switch from a subnet that is not the same as the switch is located, the telnet replies to the default gateway address. </P><P></P><P>Will be waiting for the config and the logs.</P><P></P><P>Cheers</P><P></P><P>Mike</P></BODY></HTML> Wed, 20 Oct 2010 21:42:05 GMT https://community.cisco.com/t5/network-security/vm-environment-and-firewall/m-p/1557248#M600557 Maykol Rojas 2010-10-20T21:42:05Z