06-23-2009 11:58 AM - edited 03-11-2019 08:47 AM
Hi All,
I have the following Inquiry, as the below Question and answer. can Anyone help me how can I terminate a VPN connection using the switch ? what are the requirements ? is there any link that elaborate that?
Q. Can I terminate VPN connections on my FWSM?
A. VPN functionality is not supported on the FWSM except for management connections terminating on the FWSM. Termination of VPN connections for traffic flowing through the FWSM should be performed on the switch and/or VPN Services Module.
thanks,
Jean
06-28-2009 09:44 AM
correct. VPN site to site can only access the FWSM interface IP address and nothing else behind the FWSM. Meaning you can only use it for management purpose.
Here is the link:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/mgâacc_f.html#wp1060264â
06-30-2009 02:12 AM
ok thanks for the clarification but what is the other solution if we want to site-to-site vpn and remote access vpn to access the servers behind the FWSM ?
Jean
06-30-2009 12:13 PM
Jean
If you want to terminate the VPN's on the 6500 you will need one of these -
Obviously you could also use a standalone ASA device if you wanted.
Jon
07-08-2009 06:01 AM
Hi Jon,
now we have installed the VPN services modules in the 7609. what's the next step ? do we configure the Site to site VPN on the fwsm as we used to it on the PIX ?
please help!!!
thanks in advance.
Jean
07-09-2009 03:58 AM
Hi kusankar,
After installing and configuring the fwsm, module, we have installed the VPN services module,
can you please provide me a documentation on how to configure it taking into the consideration the existence of the fwsm in the chassis?
thanks,
07-09-2009 05:52 AM
07-09-2009 06:08 AM
Thanks Srue for your prompt response. I have already this link but i wasn't able to figure out how to configure my VPN in my case.
you can see below my FWSM configuration:
fwsm Configuration
-------------------
!
interface Vlan601
description INTERNET CONNECTION
nameif INTERNET
security-level 0
ip address x.x.x.x 255.255.255.248 standby x.x.x.x
!
and the Switch Configuration:
-----------------------------
vlan 601
name Internet
Interface gig2/1
description Connection to the internet
switchport
switchport mode access
switchport access vlan 601
your help to guide me through the rest of the configuration is appreciated !!
07-09-2009 06:19 AM
have you done any vpn configuration yet on this device?
can you post the output of "show module"
07-09-2009 06:25 AM
No.
Just let me tell you our target. It is to migrate our 535 PIX Firewalls to the new 7609 FWSM along with the VPN service modules.
The output of "show module" shows indeed that the module was recognized and it's ok.
7 2 IPsec VPN Accelerator WS-SVC-IPSEC-1
07-09-2009 11:32 PM
any luck?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide