11-27-2006 04:56 AM - edited 03-11-2019 02:00 AM
Hi, given below is the ver and the interface. How can we create a logical interface, e.g. inside, outside & dmz?
I've tried binding the int gb-ethernet0 to outside, int gb-ethernet1 to inside using nameif command but to no avail. Any idea? TIA.
FWSM# show ver
FWSM Firewall Version 2.3(4)
FWSM Device Manager Version 4.1(3)
Compiled on Tue 18-Apr-06 20:28 by dalecki
FWSM up 23 hours 31 mins
Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash ♦04-29-05STI Flash 7.2.0 @ 0xc321, 20MB
0: gb-ethernet0: irq 5
1: gb-ethernet1: irq 7
2: ethernet0: irq 11
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Enabled
Maximum Interfaces: 256
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Throughput: Unlimited
ISAKMP peers: Unlimited
Security Contexts: 2
This machine has an Unrestricted (UR) license.
Serial Number: SAD103805F5
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000
Configuration has not been modified since last system restart.
FWSM# show int
Interface eobc "eobc", is up, line protocol is up
MAC address 0000.1700.0000, MTU 1500
11-27-2006 03:26 PM
You will need to create some layer 2 interfaces and allocate them in the context build - you cannot allocate the physical interfaces; in routed mode anyway.
11-27-2006 10:18 PM
Can you redirect me to the right url. TIA.
11-27-2006 04:03 PM
Hello,
It doesn't sound like you've assigned any VLANs to the firewall module. If you follow this link here:
It will walk you through some of the commands.
Basically it boils down to on the switch you need to define a group of vlans to pass to the module. Example:
Router(config)# firewall vlan-group 52 100
creates a vlan group named '52' with vlan 100 in it
Router(config)# firewall module 5 vlan-group 52
assigns vlan group 52 to firewall module 5.
--Jason
11-27-2006 10:29 PM
I did that. After binding the fwsm to the vlan-group, what's the next task? TIA.
11-28-2006 08:09 AM
From the FWSM system space, you must assign virtual interfaces to the contexts where you want to use them. Example:
context admin
description Admin Context
allocate-interface Vlan8
allocate-interface Vlan9
config-url disk:/admin.cfg
After that, change to the context and you will see interfaces that you can now assign addresses and security levels to.
-Mike
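The steps from the replies above combined into one sequence, as an added example that is not part of any post in this thread. It assumes multiple context mode and the admin context; the VLAN numbers 101, the addresses, and the prompts are constructed for illustration, and the nameif and ip address lines use FWSM 2.x syntax, which takes the VLAN rather than a physical port such as gb-ethernet0.

```cisco
! --- Switch: create the VLANs and pass them to the module in slot 5 ---
! (VLAN 101 is a constructed value; VLAN 100, group 52, slot 5 are from the thread)
Router(config)# vlan 100,101
Router(config-vlan)# exit
Router(config)# firewall vlan-group 52 100,101
Router(config)# firewall module 5 vlan-group 52

! --- FWSM system space: check single/multiple mode, then allocate the VLANs ---
FWSM# show mode
FWSM(config)# context admin
FWSM(config-context)# description Admin Context
FWSM(config-context)# allocate-interface vlan100
FWSM(config-context)# allocate-interface vlan101
FWSM(config-context)# config-url disk:/admin.cfg

! --- Inside the context: name each VLAN interface and set its security level ---
FWSM# changeto context admin
FWSM/admin(config)# nameif vlan100 outside security0
FWSM/admin(config)# nameif vlan101 inside security100
! Constructed addresses, replace with the real subnets
FWSM/admin(config)# ip address outside 192.0.2.1 255.255.255.0
FWSM/admin(config)# ip address inside 10.0.0.1 255.255.255.0
```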
11-29-2006 04:34 PM
Are you in single or multiple mode?
--Jason
11-29-2006 05:18 PM
Might be good to check that excellent DOC.
Index:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_3/fwsm_cfg/index.htm
Introduction:
All 2.3.x Documentation :
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_3/index.htm
sincerely
Patrick
11-30-2006 05:37 AM
Thank you guys for your info. After playing around with the fwsm, finally I was able to hop the initial ropes. Presently our client has only one fwsm; if we go to router mode, all the server gw should point to this. There are more or less 100 servers, just imagine the task if the fwsm fails. Transparent sounds more appealing, but what about the pros and cons? If the fwsm fails, will it disrupt the traffic towards outside? Any idea? TIA.