Failed Firewall Issue

teshagerasfaw
Level 1

Hello there. In my company network we had a Cisco ASA 5500 series firewall, but we accidentally lost it because of a power surge. Anyone who can help me with security protection by other means will be hugely welcome. Temporarily, I need to allow internet connection to our clients as needed, so please help me with the configuration on the Cisco WS-C6513-E switch so that I can connect the ISP network directly to the core switch. Thanks a lot.

1 Accepted Solution

balaji.bandi
Hall of Fame

Switch does not do your work.

Example: you need NAT (as your FW was doing).

Suggestion: if you have any router, you can build it as a NAT router to get to the internet?

If not, you need to build a quick Linux-based FW (if you have any old PC).

BB

marce1000
Hall of Fame

> ....so that I can connect ISP network directly to Core Switch

Very bad plan in terms of security. In the future consider HA firewalling solutions too.

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Joseph W. Doherty
Hall of Fame

What sup and what IOS image in your 6513?

I don't recall whether a 6500 supports NAT/PAT, at least without something like the (old) FlexWAN cards.

If NAT is supported, and/or especially if PAT is supported, either will provide some security as "outside" needs to "match" against a current NAT or PAT entry to get back inside.

I also don't recall whether a 6500 supports Reflexive ACLs, which provide "stateful" ACEs from inside to outside.

Something you can also do, with TCP traffic, is filter "outside" for return traffic with "established" in ACE (only works for TCP).
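
A small Python model of the two filtering options mentioned in the reply above (an added example, not from the thread and not Cisco code; the packet tuples, documentation-range addresses and the simplified reflexive-entry table are constructed assumptions, and entry timeouts are left out). It shows that `established` matches on the ACK or RST bit without tracking connections, while a reflexive ACL admits only return traffic that mirrors an outbound flow, UDP included:

```python
from collections import namedtuple

# Constructed packet model: flags is a set of TCP flag names (empty for UDP).
Pkt = namedtuple("Pkt", "proto src sport dst dport flags")

def established_ace(pkt):
    """Stateless 'permit tcp any any established': TCP with ACK or RST set."""
    return pkt.proto == "tcp" and bool(pkt.flags & {"ACK", "RST"})

class ReflexiveAcl:
    """Simplified reflexive ACL: outbound traffic creates a mirrored entry."""
    def __init__(self):
        self.entries = set()

    def outbound(self, pkt):
        # Record the mirror image that return traffic must match.
        self.entries.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def inbound(self, pkt):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.entries

def evaluate(inbound_pkts, outbound_pkts):
    """Return (established_result, reflexive_result) for each inbound packet."""
    racl = ReflexiveAcl()
    for p in outbound_pkts:
        racl.outbound(p)
    return [(established_ace(p), racl.inbound(p)) for p in inbound_pkts]

# Constructed sample traffic (addresses from documentation ranges).
INSIDE, WEB, DNS, OTHER = "192.0.2.10", "198.51.100.80", "198.51.100.53", "203.0.113.7"
OUTBOUND = [
    Pkt("tcp", INSIDE, 40000, WEB, 443, frozenset({"SYN"})),
    Pkt("udp", INSIDE, 40001, DNS, 53, frozenset()),
]
INBOUND = [
    Pkt("tcp", WEB, 443, INSIDE, 40000, frozenset({"SYN", "ACK"})),  # reply to our SYN
    Pkt("udp", DNS, 53, INSIDE, 40001, frozenset()),                 # DNS reply
    Pkt("tcp", OTHER, 50000, INSIDE, 22, frozenset({"SYN"})),        # unsolicited new connection
    Pkt("tcp", OTHER, 50000, INSIDE, 22, frozenset({"ACK"})),        # unsolicited, ACK set
]

if __name__ == "__main__":
    for pkt, (est, refl) in zip(INBOUND, evaluate(INBOUND, OUTBOUND)):
        print(f"{pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"{sorted(pkt.flags)} established={est} reflexive={refl}")
```

With `established` alone, the DNS reply is dropped and the last packet is permitted even though no inside host opened that connection, which is why it is a stopgap rather than a replacement for the failed firewall.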