11-16-2007 09:53 AM - edited 03-11-2019 04:32 AM
I am running FWSM 3.2(1) code and Catalyst 6500 IOS 12.2(SXF11).
In the switch:
vlan 100 name outside
vlan 200 name inside
int vlan 100
 description - outside
 ip address 10.128.252.1 255.255.255.0
int vlan 200
 description - inside
 no ip address
In the FWSM:
context test
int vlan 200
 nameif outside
 bridge-group 1
 security-level 0
int vlan 100
 nameif inside
 bridge-group 1
 security-level 100
int bvi1
 ip address 10.128.252.2 255.255.255.0
But this is not working. We can ping 10.128.252.2 from the switch, but can't ping anything beyond that in the inside LAN. Within the inside LAN, communication is fine, but it can't get beyond the gateway. What's the cause?
Why do we have an SVI for the inside interface without an IP address?
At one time, we had a firewall issue, so we just created a new SVI to bypass the firewall after shutting down int vlan100.
Thanks for the explanation.
11-16-2007 12:08 PM
Check this,
http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/exampl_f.html#wp1029042
I hope this helps.
11-16-2007 12:13 PM
Sure, I looked at this before :-)
My question is: shutdown/no shutdown of the inside VLAN SVI w/o an IP address will have such a big effect?
I am having a hard time trying to understand this.
11-16-2007 12:28 PM
Well, the SVI interface in the Supervisor will be used for management of the switch and internal/external routing. You will always need an SVI with an IP to manage the switch, but it doesn't have to be in a VLAN assigned to the FWSM.