https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776070#M984519 <HTML><HEAD></HEAD><BODY><P>no, the client PCs are of different vlans with respect to their respective outside interfaces.</P><P></P><P>i dont have working config yet for this setup but here is my current config:</P><P></P><P>nameif vlan325 internet security0</P><P>nameif vlan555 fwtest security0</P><P>nameif vlan327 inside security100</P><P>access-list inside_access_in extended permit ip x.x.x.x [IP from inside] host y.y.y.y [PC1] </P><P>access-list internet_access_in extended permit ip host y.y.y.y [PC1] host x.x.x.x [IP from inside] </P><P>access-list fwtest_access_in extended permit ip any </P><P>ip address inside </P><P>ip address internet </P><P>ip address fwtest </P><P>icmp permit any inside</P><P>icmp permit any internet</P><P>icmp permit any fwtest</P><P>no pdm history enable</P><P>arp timeout 14400</P><P>global (inside) 1 interface</P><P>global (internet) 1 interface</P><P>global (fwtest) 3 interface</P><P>global (bdoextranetout) 2 interface</P><P>nat (inside) 0 access-list inside_nat0_outbound</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>nat (internet) 1 access-list fwtest_nat0_outbound</P><P>nat (fwtest) 3 access-list bdoextranetin_pnat_outbound_V3</P><P>!</P><P>interface inside</P><P>!</P><P>interface internet</P><P>!</P><P>!</P><P>interface fwtest</P></BODY></HTML> Thu, 12 Jul 2007 06:52:31 GMT dennisopiso 2007-07-12T06:52:31Z https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776066#M984515 <P>i'm trying to make two outside interfaces in FWSM to talk to each other and i cant seem to make it work. any idea or sample configuration please</P> Mon, 11 Mar 2019 10:43:49 GMT https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776066#M984515 dennisopiso 2019-03-11T10:43:49Z https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776067#M984516 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>What do you mean by talk to each other. Do you mean from interface to interface. </P><P></P><P>Are you running multiple contexts. Do the contexts share a vlan on the outside interface. </P><P></P><P>Please elaborate on what you need.</P><P></P><P>Jon</P></BODY></HTML> Thu, 12 Jul 2007 06:12:16 GMT https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776067#M984516 Jon Marshall 2007-07-12T06:12:16Z https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776068#M984517 <HTML><HEAD></HEAD><BODY><P>hi jon,yes the fwsm is running multiple contexts. in one of the contexts, i created multiple outside interfaces (e.g. vlan 500 and vlan 555). </P><P></P><P>i also attached a diagram to have a clearer view</P><P></P><P>thanks</P><P></P><P></P><P> </P><P></P></BODY></HTML> Thu, 12 Jul 2007 06:27:35 GMT https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776068#M984517 dennisopiso 2007-07-12T06:27:35Z https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776069#M984518 <HTML><HEAD></HEAD><BODY><P>okay, so you have 2 interfaces on the outside within the same context. Are the client PC's in the same vlans as their relevant outside interface ? </P><P></P><P>Presumably you are trying to get connectivity between your PC's ?</P><P></P><P>Could you send a copy of your FWSM config ? </P><P></P><P>Jon</P></BODY></HTML> Thu, 12 Jul 2007 06:31:12 GMT https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776069#M984518 Jon Marshall 2007-07-12T06:31:12Z https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776070#M984519 <HTML><HEAD></HEAD><BODY><P>no, the client PCs are of different vlans with respect to their respective outside interfaces.</P><P></P><P>i dont have working config yet for this setup but here is my current config:</P><P></P><P>nameif vlan325 internet security0</P><P>nameif vlan555 fwtest security0</P><P>nameif vlan327 inside security100</P><P>access-list inside_access_in extended permit ip x.x.x.x [IP from inside] host y.y.y.y [PC1] </P><P>access-list internet_access_in extended permit ip host y.y.y.y [PC1] host x.x.x.x [IP from inside] </P><P>access-list fwtest_access_in extended permit ip any </P><P>ip address inside </P><P>ip address internet </P><P>ip address fwtest </P><P>icmp permit any inside</P><P>icmp permit any internet</P><P>icmp permit any fwtest</P><P>no pdm history enable</P><P>arp timeout 14400</P><P>global (inside) 1 interface</P><P>global (internet) 1 interface</P><P>global (fwtest) 3 interface</P><P>global (bdoextranetout) 2 interface</P><P>nat (inside) 0 access-list inside_nat0_outbound</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>nat (internet) 1 access-list fwtest_nat0_outbound</P><P>nat (fwtest) 3 access-list bdoextranetin_pnat_outbound_V3</P><P>!</P><P>interface inside</P><P>!</P><P>interface internet</P><P>!</P><P>!</P><P>interface fwtest</P></BODY></HTML> Thu, 12 Jul 2007 06:52:31 GMT https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776070#M984519 dennisopiso 2007-07-12T06:52:31Z https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776071#M984520 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>Okay, before we do anything else can you add the following if it isn't already in your config</P><P></P><P>same-security-traffic permit inter-interface</P><P>and let me know what happens.</P><P></P><P>Jon</P></BODY></HTML> Thu, 12 Jul 2007 06:59:19 GMT https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776071#M984520 Jon Marshall 2007-07-12T06:59:19Z https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776072#M984521 <HTML><HEAD></HEAD><BODY><P>already added </P><P></P><P>same-security-traffic permit inter-interface </P><P></P><P>but still nothing happens</P><P></P><P>thanks</P></BODY></HTML> Thu, 12 Jul 2007 07:03:03 GMT https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776072#M984521 dennisopiso 2007-07-12T07:03:03Z https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776073#M984522 <HTML><HEAD></HEAD><BODY><P>just thought i'd check <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>You say the PC are not on the same vlans as the FWSM outside interfaces. </P><P></P><P>Do you have Layer 3 SVI's for each outside interface of your FWSM on your switch ?</P><P></P><P>It would help if you could send the full config for this context plus the relevant firewall lines (firewall vlan-group etc) from your switch plus an output of a sh ip int br on your switch. </P><P></P><P>Jon</P></BODY></HTML> Thu, 12 Jul 2007 07:18:41 GMT https://community.cisco.com/t5/network-security/fwsm-outside-interface/m-p/776073#M984522 Jon Marshall 2007-07-12T07:18:41Z