Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1171
Views
5
Helpful
9
Replies

FWSM configuration

Go to solution
cisco.anubhav
Level 1
Level 1

‎03-02-2011 02:10 AM - edited ‎03-11-2019 12:59 PM

Hi,

I am new to FWSM and i have a network in which FWSM is installed on 7613 router which has many wan links connected to it,there is a P2P link between router and cisco 3560 G multilayer switch(10.229.1.252/30) ,this L3 has 4 vlans and other networks connected to L3 and another switch 3560  is connected to L3 which connects its own LAN in the range of 10.229.1.0/24.Should i use Transparent mode on FWSM  or Routed mode,what could be my inside and outside interface,and what ip adds should i use on them.Since its a connectivity based on Vlan interfaces should i use a new range for BV1 interface.

At present my topology is attached in Doc1 and current FWSM config in second attachment.,hope for your help in this case.

Thanks,

Labels:
Preview file
27 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
PAUL GILBERT ARIAS
Level 5
Level 5

‎03-02-2011 04:15 AM

Conside which networks you want to protect and that way you will be able to set your inside and outside interfaces. I had a similar case and iI used bridge interfaces since I had multiple inside LAN subnets with different IPs as gateways on the core switch.

Try to work your ideas, draw a topology and try to test this out before going into production.

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
9 Replies 9

Go to solution
PAUL GILBERT ARIAS
Level 5
Level 5

‎03-02-2011 04:15 AM

Conside which networks you want to protect and that way you will be able to set your inside and outside interfaces. I had a similar case and iI used bridge interfaces since I had multiple inside LAN subnets with different IPs as gateways on the core switch.

Try to work your ideas, draw a topology and try to test this out before going into production.

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
cisco.anubhav
Level 1
Level 1
In response to PAUL GILBERT ARIAS

‎03-02-2011 05:14 AM

Hi,

Thanks for the reply,its the ip that i m more concerned, what ip should i give on bv interface,as its said that both inside and outside sholud be on sane ip subnet and different vlan and inside interface must have the ip of the connected ip subnet.what ip should be used kindly suggest. kindly consider the attached config

Thanks,

Preview file
3 KB
0 Helpful

Go to solution
PAUL GILBERT ARIAS
Level 5
Level 5
In response to cisco.anubhav

‎03-02-2011 06:08 AM

You can add an available IP that could be reachable for management porpuses. If you are going to have bridge groups then it means that the firewall is in L2. If you are planning to have multiple bvi interface I can tell you it is not needed. You can create one just for management.

On the setup I did for a costumer I configured the BVI interface in a complete different subnet, this was a management VLAN. Just make sure you include that VLAN on the configuration required on the 7600/6500.

Go to solution
cisco.anubhav
Level 1
Level 1
In response to PAUL GILBERT ARIAS

‎03-07-2011 10:03 PM

Hi,

thanks for ur help,I m very cionfused at the moment so that  i may get out of this confusion.The scenario is this that FWSM is on cisco 7613 and my LAN to be protected is two swithches away there are point to point links between router and switchL3 using two ip adds 10.229.1.253.on router and 10.229.1.254 on switch what ip should we use on fwsm BV interface as curently we have put 10.229.1.252 on it but the status of BV interface is admin down and line protocol is up,

we have three vlan on our L3 and another switch connected to L3 has our Lans to be protected.Kindly help

0 Helpful

Go to solution
cisco.anubhav
Level 1
Level 1
In response to cisco.anubhav

‎03-10-2011 05:31 AM

Hi Paul,

kindly help and suggest if i m goin in the right direction,as there is a P2P link between my 7613 and L3 3560 and fwsm is on 7613 i m goin to use an entirely new address(say 192.168.1.0) for this192.168.1.1 will be on vlan 100 on router 1.2 will be on fwsm bv1 interface ,would it be okay as there are already 3 different VLANs on my L3 and one of them contains the servers i wanna protect(10.220.1.0 range).

thanks,

0 Helpful

Go to solution
PAUL GILBERT ARIAS
Level 5
Level 5
In response to cisco.anubhav

‎03-10-2011 06:14 AM

I am not able to understand this question. I need to picture it on my mind but I can't image how is the topology. Can you explain a little more?

0 Helpful

Go to solution
cisco.anubhav
Level 1
Level 1
In response to PAUL GILBERT ARIAS

‎03-10-2011 09:37 PM

Hi Paul,

the figure is given in the first post of mine,still ,i may give it here

7613----FWSM-------3560------3560-------|10.229.1.0 (n/w to be protected.)

0 Helpful

Go to solution
PAUL GILBERT ARIAS
Level 5
Level 5
In response to cisco.anubhav

‎03-10-2011 06:13 AM

it the interface is admin down you need to apply the no shut command.

0 Helpful

Go to solution
cisco.anubhav
Level 1
Level 1
In response to PAUL GILBERT ARIAS

‎03-11-2011 02:59 AM

Hi Paul,

the figure is given in the first post of mine,still ,i may give it here

                                                       ------------------

7613----FWSM-------3560------3560-------|10.229.1.0 (n/w to be protected.)

      |                       |

10.220.62.x/30        10.22062.Y/30

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card