Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
666
Views
0
Helpful
3
Replies

FWSM: Permiting Traffic

colmgrier
Level 1
Level 1

‎07-30-2009 01:47 AM - edited ‎03-11-2019 09:00 AM

Current lab is setup with 3 VLANS 109,199,200 protected behind the FWSM.

Q1. Pc 10.27.2.12 (VLAN 200) cannot ping 10.26.6.1 (VLAN 109) and 10.27.0.1 (VLAN 199) on the FWSM. Is this possible?

Q2. Pc 10.27.2.12 (VLAN 200) cannot access the FWSM using ASDM software. Is this possible?

Please advise,

Regards,

C

Labels:
Preview file
8 KB
Preview file
16 KB
Preview file
3 KB
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎07-30-2009 10:29 AM

Colm, I have not play with fwsm but does have some similarities with asa's, I'll give this one a shot.

starting with the easy one.

Q2. Pc 10.27.2.12 (VLAN 200) cannot access the FWSM using ASDM software. Is this possible?

Allow admin access for that host on the fwsm to be able to access asdm

http://www.cisco.com/en/US/partner/docs/security/fwsm/fwsm40/configuration/guide/mgacc_f.html#wp1047288

e.i

fwsm(config)# http 10.27.2.12 255.255.255.255 cm-servers

Q1. Pc 10.27.2.12 (VLAN 200) cannot ping 10.26.6.1 (VLAN 109) and 10.27.0.1 (VLAN 199) on the FWSM. Is this possible?

Vlan109 wireless interface, and vlan 200 cm-servers interface have same security level of 100, to enable communication between the two you need same sec traffic intra-interface.

same-security-traffic permit inter-interface

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/intfce_f.html#wp1059402

Regards

Jorge Rodriguez
0 Helpful

colmgrier
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎07-31-2009 05:15 AM

Thanks Jorge for the reply.

Q1. Pc 10.27.2.12 (VLAN 200) cannot ping 10.26.6.1 (VLAN 109) and 10.27.0.1 (VLAN 199) on the FWSM. Is this possible?

I already had this command applied to the FWSM. For the inside VLANS I can ping hosts on all the inside VLANS but cannot ping the default gateways for other inside vlans. Is this allowed on the FWSM?

same-security-traffic permit inter-interface

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to colmgrier

‎07-31-2009 09:05 AM

As far as I know a host from one vlan where its L3 interface resides in the firewall cannot ping the default gateway of another vlan on the same firewall like you would in a non-firewall router .. this is the way it is on pix/asa and would expect the same behaviour-restriction in FWSM..

If I am mistaken on fwsm perhaps someone could correct.

Regards

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card