05-09-2016 05:28 AM - edited 03-08-2019 05:40 AM
Hello,
I am new to this forum and don't know the rules for posting a question.
We are using a Cisco 6950 Switch and have around 15 VLANs configured on it.
We recently got a UTM to access the internet through it and to use website filtering and other UTM features.
We have around 600 PCs in the network, and all have manual IP assignment.
After connecting the UTM, we are not able to browse the internet, as the gateway is the Cisco device.
The UTM support informed us that we need to set their device as the gateway to access the internet.
We can't manually change the gateway on all 600 devices.
Please let us know if there is any option to change on the switch so that we can access the internet without any major changes.
Please let me know if any more information is required.
Below is the configuration of the switch.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2016.05.05 13:52:46 =~=~=~=~=~=~=~=~=~=~=~=
User Access Verification
Username: xxxxx
Password:
VPT_Core2>en
Password:
Password:
VPT_Core2#sh mo
VPT_Core2#sh modu
VPT_Core2#sh module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- - ----------------- -----------
1 8 Intrusion Detection System WS-SVC-IDSM-2 SAD1119034Y
2 6 Firewall Module WS-SVC-FWM-1 SAD1311013L
3 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL1322R6WK
4 8 CEF720 8 port 10GE with DFC WS-X6708-10GE SAD112203DM
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B SAL1321QNW6
7 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL091383NL
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
1 001b.539d.0d40 to 001b.539d.0d47 6.3 7.2(1) 5.0(2) Ok
2 0021.a082.abf8 to 0021.a082.abff 4.5 7.2(1) 2.3(4) Ok
3 0023.3341.3368 to 0023.3341.3397 3.0 12.2(18r)S1 12.2(33)SXH5 Ok
4 001b.2ad2.a0b8 to 001b.2ad2.a0bf 1.5 12.2(18r)S1 12.2(33)SXH5 Ok
5 000a.b86d.e60c to 000a.b86d.e60f 5.8 8.5(3) 12.2(33)SXH5 Ok
7 0013.7f97.9080 to 0013.7f97.90af 2.9 12.2(14r)S5 12.2(33)SXH5 Ok
Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ ----------- ------- -------
1 IDS 2 accelerator board WS-SVC-IDSUPG ADBG7070146 2.5 Ok
3 Centralized Forwarding Card WS-F6700-CFC SAL1322R08Y 4.1 Ok
4 Distributed Forwarding Card WS-F6700-DFC3C SAL1122Q57Y 1.4 Ok
5 Policy Feature Card 3 WS-F6K-PFC3B SAL1320Q0JD 2.5 Ok
5 MSFC3 Daughterboard WS-SUP720 SAL1321QGRX 3.3 Ok
7 Centralized Forwarding Card WS-F6700-CFC SAL091275LG 2.1 Ok
Mod Online Diag Status
1 Pass
2 Pass
3 Pass
4 Pass
5 Pass
7 Pass
VPT_Core2#
VPT_Core2#se
VPT_Core2#sess
VPT_Core2#session sl
VPT_Core2#session slot 2 proc
VPT_Core2#session slot 2 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.21 ... Open
User Access Verification
Password:
Password:
Password:
[Connection to 127.0.0.21 closed by foreign host]
VPT_Core2#sh mo
VPT_Core2#sh mo se
VPT_Core2#sess
VPT_Core2#session sl
VPT_Core2#session slot 2 proce
VPT_Core2#session slot 2 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.21 ... Open
User Access Verification
Password:
Type help or '?' for a list of available commands.
FWSM> en
Password:
FWSM# sh run
: Saved
:
FWSM Version 2.3(4)
nameif vlan2 Management security10
nameif vlan3 server security12
nameif vlan4 IT_DEPT security14
nameif vlan5 EDP security16
nameif vlan6 Finance security18
nameif vlan7 Personal security20
nameif vlan8 Traffic security22
nameif vlan9 R&P security24
nameif vlan10 Civil security26
nameif vlan11 Mechanical security28
nameif vlan12 Cisf security30
nameif vlan13 Marian security32
nameif vlan14 OHC security34
nameif vlan15 MEDICAL security36
nameif vlan16 Database security38
nameif vlan17 Database1 security40
nameif vlan18 CMM security42
nameif vlan19 INTERNET security0
nameif vlan50 CCTVRAXA security44
nameif vlan23 RECASH security46
enable password fyo4xRGf2..YEPIM encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname FWSM
domain-name write
ftp mode passive
fixup protocol dns
fixup protocol ftp 21
fixup protocol h323 H225 1720
fixup protocol h323 ras 1718-1719
fixup protocol icmp
no fixup protocol icmp error
fixup protocol rsh 514
fixup protocol sip 5060
no fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list deny-flow-max 4096
access-list alert-interval 300
access-list Acl_EDP extended permit ip any any
access-list Acl_Management extended permit ip any any
access-list Acl_Finance extended permit ip any any
access-list Acl_server extended permit ip any any
access-list Acl_IT_DEPT extended permit ip any any
access-list Acl_Personal extended permit ip any any
access-list Acl_Traffic extended permit ip any any
access-list Acl_R&P extended permit ip any any
access-list Acl_Civil extended permit ip any any
access-list Acl_Mechanical extended permit ip any any
access-list Acl_Cisf extended permit ip any any
access-list Acl_Marian extended permit ip any any
access-list Acl_OHC extended permit ip any any
access-list Acl_MEDICAL extended permit ip any any
access-list Acl_Database extended permit ip any any
access-list Acl_Database1 extended permit ip any any
access-list Acl_CMM extended permit ip any any
access-list Acl_INTERNET extended permit ip any any
access-list Acl_NAT0 extended permit ip any any
access-list Acl_CCTVRAXA extended permit ip any any
access-list Acl_RECASH extended permit ip any any
pager lines 24
logging on
logging buffer-size 4096
logging buffered debugging
mtu Management 1500
mtu server 1500
mtu IT_DEPT 1500
mtu EDP 1500
mtu Finance 1500
mtu Personal 1500
mtu Traffic 1500
mtu R&P 1500
mtu Civil 1500
mtu Mechanical 1500
mtu Cisf 1500
mtu Marian 1500
mtu OHC 1500
mtu MEDICAL 1500
mtu Database 1500
mtu Database1 1500
mtu CMM 1500
mtu INTERNET 1500
mtu CCTVRAXA 1500
mtu RECASH 1500
ip address Management 10.10.1.1 255.255.255.0 standby 10.10.1.2
ip address server 10.10.2.1 255.255.255.0 standby 10.10.2.10
ip address IT_DEPT 10.10.3.1 255.255.255.0 standby 10.10.3.2
ip address EDP 10.10.4.1 255.255.255.0 standby 10.10.4.2
ip address Finance 10.10.5.1 255.255.255.0 standby 10.10.5.2
ip address Personal 10.10.6.1 255.255.255.0 standby 10.10.6.2
ip address Traffic 10.10.7.1 255.255.255.0 standby 10.10.7.2
ip address R&P 10.10.8.1 255.255.255.0 standby 10.10.8.2
ip address Civil 10.10.9.1 255.255.255.0 standby 10.10.9.2
ip address Mechanical 10.10.10.1 255.255.255.0 standby 10.10.10.2
ip address Cisf 10.10.11.1 255.255.255.0 standby 10.10.11.2
ip address Marian 10.10.12.1 255.255.255.0 standby 10.10.12.2
ip address OHC 10.10.13.1 255.255.255.0 standby 10.10.13.2
ip address MEDICAL 10.10.14.1 255.255.255.0 standby 10.10.14.2
ip address Database 176.10.29.1 255.255.255.0 standby 176.10.29.101
ip address Database1 179.10.29.1 255.255.252.0 standby 179.10.29.101
ip address CMM 10.10.17.1 255.255.255.0 standby 10.10.17.2
ip address INTERNET 10.10.18.1 255.255.255.0 standby 10.10.18.2
ip address CCTVRAXA 10.10.22.1 255.255.255.0 standby 10.10.22.2
ip address RECASH 10.10.23.1 255.255.255.0 standby 10.10.23.2
failover
failover lan unit secondary
failover lan interface fwsm vlan 20
failover polltime unit 1 holdtime 15
failover polltime interface 15
failover interface-policy 1
failover replication http
failover link statfull vlan 21
failover interface ip fwsm 10.10.20.1 255.255.255.0 standby 10.10.20.2
failover interface ip statfull 10.10.21.1 255.255.255.0 standby 10.10.21.2
monitor-interface Management
monitor-interface server
monitor-interface IT_DEPT
monitor-interface EDP
monitor-interface Finance
monitor-interface Personal
monitor-interface Traffic
monitor-interface R&P
monitor-interface Civil
monitor-interface Mechanical
monitor-interface Cisf
monitor-interface Marian
monitor-interface OHC
monitor-interface MEDICAL
monitor-interface Database
monitor-interface Database1
monitor-interface CMM
monitor-interface INTERNET
monitor-interface CCTVRAXA
monitor-interface RECASH
icmp permit any Management
icmp permit any server
icmp permit any IT_DEPT
icmp permit any EDP
icmp permit any Finance
icmp permit any Personal
icmp permit any Traffic
icmp permit any R&P
icmp permit any Civil
icmp permit any Mechanical
icmp permit any Cisf
icmp permit any Marian
icmp permit any OHC
icmp permit any MEDICAL
icmp permit any Database
icmp permit any Database1
icmp permit any CMM
icmp permit any INTERNET
icmp permit any CCTVRAXA
icmp permit any RECASH
no pdm history enable
arp timeout 14400
nat (Management) 0 access-list Acl_NAT0
nat (server) 0 access-list Acl_NAT0
nat (IT_DEPT) 0 access-list Acl_NAT0
nat (EDP) 0 access-list Acl_NAT0
nat (Finance) 0 access-list Acl_NAT0
nat (Personal) 0 access-list Acl_NAT0
nat (Traffic) 0 access-list Acl_NAT0
nat (R&P) 0 access-list Acl_NAT0
nat (Civil) 0 access-list Acl_NAT0
nat (Mechanical) 0 access-list Acl_NAT0
nat (Cisf) 0 access-list Acl_NAT0
nat (Marian) 0 access-list Acl_NAT0
nat (OHC) 0 access-list Acl_NAT0
nat (MEDICAL) 0 access-list Acl_NAT0
nat (Database) 0 access-list Acl_NAT0
nat (Database1) 0 access-list Acl_NAT0
nat (CMM) 0 access-list Acl_NAT0
nat (INTERNET) 0 access-list Acl_NAT0
nat (CCTVRAXA) 0 access-list Acl_NAT0
nat (RECASH) 0 access-list Acl_NAT0
access-group Acl_Management in interface Management
access-group Acl_server in interface server
access-group Acl_IT_DEPT in interface IT_DEPT
access-group Acl_EDP in interface EDP
access-group Acl_Finance in interface Finance
access-group Acl_Personal in interface Personal
access-group Acl_Traffic in interface Traffic
access-group Acl_R&P in interface R&P
access-group Acl_Civil in interface Civil
access-group Acl_Mechanical in interface Mechanical
access-group Acl_Cisf in interface Cisf
access-group Acl_Marian in interface Marian
access-group Acl_OHC in interface OHC
access-group Acl_MEDICAL in interface MEDICAL
access-group Acl_Database in interface Database
access-group Acl_Database1 in interface Database1
access-group Acl_CMM in interface CMM
access-group Acl_INTERNET in interface INTERNET
access-group Acl_CCTVRAXA in interface CCTVRAXA
access-group Acl_RECASH in interface RECASH
!
interface Management
!
!
interface server
!
!
interface IT_DEPT
!
!
interface EDP
!
!
interface Finance
!
!
interface Personal
!
!
interface Traffic
!
!
interface R&P
!
!
interface Civil
!
!
interface Mechanical
!
!
interface Cisf
!
!
interface Marian
!
!
interface OHC
!
!
interface MEDICAL
!
!
interface Database
!
!
interface Database1
!
!
interface CMM
!
!
interface INTERNET
!
!
interface CCTVRAXA
!
!
interface RECASH
!
!
route INTERNET 0.0.0.0 0.0.0.0 10.10.18.10 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 rpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 2:00:00 absolute
username cisco password xxxxxxxx encrypted privilege 2
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.10.1.0 255.255.255.0 Management
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp
floodguard enable
fragment size 200 Management
fragment chain 24 Management
fragment size 200 server
fragment chain 24 server
fragment size 200 IT_DEPT
fragment chain 24 IT_DEPT
fragment size 200 EDP
fragment chain 24 EDP
fragment size 200 Finance
fragment chain 24 Finance
fragment size 200 Personal
fragment chain 24 Personal
fragment size 200 Traffic
fragment chain 24 Traffic
fragment size 200 R&P
fragment chain 24 R&P
fragment size 200 Civil
fragment chain 24 Civil
fragment size 200 Mechanical
fragment chain 24 Mechanical
fragment size 200 Cisf
fragment chain 24 Cisf
fragment size 200 Marian
fragment chain 24 Marian
fragment size 200 OHC
fragment chain 24 OHC
fragment size 200 MEDICAL
fragment chain 24 MEDICAL
fragment size 200 Database
fragment chain 24 Database
fragment size 200 Database1
fragment chain 24 Database1
fragment size 200 CMM
fragment chain 24 CMM
fragment size 200 INTERNET
fragment chain 24 INTERNET
fragment size 200 CCTVRAXA
fragment chain 24 CCTVRAXA
fragment size 200 RECASH
fragment chain 24 RECASH
telnet 10.10.1.0 255.255.255.0 Management
telnet timeout 5
ssh timeout 5
dhcprelay server 10.10.2.11 server
dhcprelay enable IT_DEPT
dhcprelay enable EDP
dhcprelay enable Finance
dhcprelay enable Personal
dhcprelay enable Traffic
dhcprelay enable R&P
dhcprelay enable Civil
dhcprelay enable Mechanical
dhcprelay enable Cisf
dhcprelay enable Marian
dhcprelay enable OHC
dhcprelay enable MEDICAL
dhcprelay enable CMM
dhcprelay timeout 60
terminal width 80
Cryptochecksum:xxxxxxxxxx
: end
FWSM# exit
VPT_Core2#
Thank you.
05-09-2016 06:09 AM
What's this switch - you stated a 6950?
If your NAT configuration is complete, then the internal PCs and devices should be using a NAT (PAT) translation so that they "look like" addresses behind the 10.10.18.0 network - which would then satisfy the requirement of the internet provider. They can really only provide access on that range; so NAT functionality "translates" the address to do that, and then re-packages the return packets to their original source addresses on your VLANs.
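Added example (not part of the original thread and not Cisco tooling): a small Python check run over an excerpt of the configuration posted above. It reports which interfaces are bound to a `permit ip any any` ACL, which are covered by NAT exemption (`nat (...) 0 access-list`) through such an ACL, whether any `global` translation pool exists for PAT, and whether SNMP community `public` or Telnet management is configured. The `audit` function and the check names are assumptions of this example.

```python
import re

# Excerpt (subset of lines) of the FWSM running-config posted in the question.
SAMPLE = """\
nameif vlan6 Finance security18
nameif vlan19 INTERNET security0
access-list Acl_Finance extended permit ip any any
access-list Acl_INTERNET extended permit ip any any
access-list Acl_NAT0 extended permit ip any any
nat (Finance) 0 access-list Acl_NAT0
nat (INTERNET) 0 access-list Acl_NAT0
access-group Acl_Finance in interface Finance
access-group Acl_INTERNET in interface INTERNET
route INTERNET 0.0.0.0 0.0.0.0 10.10.18.10 1
snmp-server community public
telnet 10.10.1.0 255.255.255.0 Management
"""

def audit(config):
    """Return sorted (check, detail) findings for a PIX/FWSM-style config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # ACLs that contain a blanket "permit ip any any" entry.
    open_acls = set()
    for l in lines:
        m = re.match(r"access-list (\S+) extended permit ip any any$", l)
        if m:
            open_acls.add(m.group(1))
    findings = []
    for l in lines:
        m = re.match(r"access-group (\S+) in interface (\S+)$", l)
        if m and m.group(1) in open_acls:
            findings.append(("acl-permit-any", m.group(2)))
        # "nat (if) 0 access-list X" is NAT exemption: matching traffic is not translated.
        m = re.match(r"nat \(([^)]+)\) 0 access-list (\S+)$", l)
        if m and m.group(2) in open_acls:
            findings.append(("nat-exempt-all", m.group(1)))
        if l == "snmp-server community public":
            findings.append(("snmp-default-community", "public"))
        m = re.match(r"telnet (\d\S+) (\d\S+) (\S+)$", l)
        if m:
            findings.append(("telnet-mgmt", m.group(3)))
    # PAT needs a "global (if) <id> ..." pool paired with a non-zero nat id.
    if not any(l.startswith("global (") for l in lines):
        findings.append(("no-pat-pool", "no 'global' statement"))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check:24} {detail}")
```
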