Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1060
Views
2
Helpful
8
Replies

logical int on fwsm

dondongamo
Level 1
Level 1

‎11-27-2006 04:56 AM - edited ‎03-11-2019 02:00 AM

Hi, given below is the ver and the interface. How can we create a logical interface eg. inside, outside & dmz?

I've tried binding the int gb-ethernet0 to outside, int gb-ethernet1 to inside using nameif command but to no avail. Any idea? TIA.

FWSM# show ver

FWSM Firewall Version 2.3(4)

FWSM Device Manager Version 4.1(3)

Compiled on Tue 18-Apr-06 20:28 by dalecki

FWSM up 23 hours 31 mins

Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz

Flash ♦04-29-05STI Flash 7.2.0 @ 0xc321, 20MB

0: gb-ethernet0: irq 5

1: gb-ethernet1: irq 7

2: ethernet0: irq 11

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES: Enabled

Maximum Interfaces: 256

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Throughput: Unlimited

ISAKMP peers: Unlimited

Security Contexts: 2

This machine has an Unrestricted (UR) license.

Serial Number: SAD103805F5

Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000

Configuration has not been modified since last system restart.

FWSM# show int

Interface eobc "eobc", is up, line protocol is up

MAC address 0000.1700.0000, MTU 1500

Labels:
0 Helpful
8 Replies 8

eugene.beckett
Level 1
Level 1

‎11-27-2006 03:26 PM

you will need to create some layer 2 interfaces and allocate them in the context build - you cannot allocate the physical interfaces; in routed mode anyway

0 Helpful

dondongamo
Level 1
Level 1
In response to eugene.beckett

‎11-27-2006 10:18 PM

Can you redirect me to the right url. TIA.

0 Helpful

jgervia_2
Level 1
Level 1

‎11-27-2006 04:03 PM

Hello,

It doesn't sound like you've assigned any VLANs to the firewall module. If you follow this link here:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_2/fwsm_cfg/switch.htm#wp1175893

It will walk you through some of the commands.

Basically it boils down to on the switch you need to define a group of vlans to pass to the module. Example:

Router(config)# firewall vlan-group 52 100

creates a vlan group named '52' with vlan 100 in it

Router(config)# firewall module 5 vlan-group 52

assigns vlan group 52 to firewall module 5.

--Jason

0 Helpful

dondongamo
Level 1
Level 1
In response to jgervia_2

‎11-27-2006 10:29 PM

I did that, after binding the fwsm to the vlan-group what's the next task ? TIA.

0 Helpful

pringlem
Level 1
Level 1
In response to dondongamo

‎11-28-2006 08:09 AM

From the FWSM system space, you must assign virtual interfaces to the contexts where you want to use them. Example:

context admin

description Admin Context

allocate-interface Vlan8

allocate-interface Vlan9

config-url disk:/admin.cfg

After that, change to the context and you will see interfaces that you can now assign addresses and security levels to.

-Mike

jgervia_2
Level 1
Level 1
In response to dondongamo

‎11-29-2006 04:34 PM

Are you in single or multiple mode?

--Jason

0 Helpful

dondongamo
Level 1
Level 1
In response to Patrick Iseli

‎11-30-2006 05:37 AM

Thank you guys for your info. After playing around with the fwsm, finally I was able to hop the initial ropes. Presently our client has only one fwsm, if we will go to router mode all the server gw should point to this. There are more or less 100 servers, just imagine the task if the fwsm will fail. Transparent is more sound appeling but what about the pros and cons? if the fwsm will fail will it disrupt the traffic towards outside? Any idea? TIA.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card