B-18
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Appendix B Sample Configurations
Transparent Mode Examples
Example 5: Customer C Context Configuration
nameif vlan153 outside security0
nameif vlan7 inside security100
passwd fl0wer
enable password treeh0u$e
ip address 10.1.4.1 255.255.255.0
route outside 0 0 10.1.4.2 1
access-list INTERNET extended permit 89 any any
access-list INTERNET extended permit ip any any
access-list OSPF extended permit 89 any any
access-group INTERNET in interface inside
[Allows all inside hosts to access the outside for any IP traffic. Also allows OSPF.]
access-group OSPF in interface outside
[Allows OSPF.]
Example 5: Switch Configuration
The following lines in the Cisco IOS switch configuration relate to the FWSM:
...
firewall multiple-vlan-interfaces
firewall module 8 vlan-group 1
firewall vlan-group 1 4-7,150-153
interface vlan 150
ip address 10.1.1.2 255.255.255.0
no shut
interface vlan 151
ip address 10.1.2.2 255.255.255.0
no shut
interface vlan 152
ip address 10.1.3.2 255.255.255.0
no shut
interface vlan 153
ip address 10.1.4.2 255.255.255.0
no shut
...
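The two halves of Example 5 only work together if they agree, so the following added example (Python, not part of the Cisco guide) cross-checks them: each nameif VLAN must belong to a firewall vlan-group bound to the module, and the context's default gateway must be on the management subnet. It also assumes, as in this example, that the gateway is the switch SVI on the outside VLAN; the names audit and expand are chosen for this example, and the input is constructed from the lines above.

```python
import ipaddress
import re

# Constructed input: lines copied from Example 5 (context C and the switch).
CONTEXT_CFG = """nameif vlan153 outside security0
nameif vlan7 inside security100
ip address 10.1.4.1 255.255.255.0
route outside 0 0 10.1.4.2 1
"""
SWITCH_CFG = """firewall module 8 vlan-group 1
firewall vlan-group 1 4-7,150-153
interface vlan 153
ip address 10.1.4.2 255.255.255.0
"""

def expand(spec):
    """Expand a list such as '4-7,150-153' into a set of integers."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(context_cfg, switch_cfg):
    """Return findings; an empty list means both sides agree."""
    findings = []
    # VLANs reach the FWSM only through groups bound to a module.
    bound = set()
    for spec in re.findall(r"^firewall module \d+ vlan-group (\S+)", switch_cfg, re.M):
        bound |= expand(spec)
    assigned = set()
    for group, spec in re.findall(r"^firewall vlan-group (\d+) (\S+)", switch_cfg, re.M):
        if int(group) in bound:
            assigned |= expand(spec)
    names = {name: int(vlan) for vlan, name in
             re.findall(r"^nameif vlan(\d+) (\S+)", context_cfg, re.M)}
    for name, vlan in names.items():
        if vlan not in assigned:
            findings.append(f"{name}: VLAN {vlan} is not assigned to the FWSM")
    # The default gateway must be on-link for the management address.
    ip, mask = re.search(r"^ip address (\S+) (\S+)", context_cfg, re.M).groups()
    mgmt = ipaddress.ip_interface(f"{ip}/{mask}")
    ifname, gw = re.search(r"^route (\S+) 0 0 (\S+)", context_cfg, re.M).groups()
    if ipaddress.ip_address(gw) not in mgmt.network:
        findings.append(f"gateway {gw} is outside {mgmt.network}")
    # Assumption of this example: the gateway is the switch SVI on that VLAN.
    svi = dict(re.findall(r"^interface vlan (\d+)\n\s*ip address (\S+)", switch_cfg, re.M))
    if svi.get(str(names.get(ifname))) != gw:
        findings.append(f"gateway {gw} is not the switch SVI on the {ifname} VLAN")
    return findings
```

Calling audit(CONTEXT_CFG, SWITCH_CFG) on the lines as printed returns an empty list; narrowing the vlan-group range or moving the gateway off 10.1.4.0/24 produces findings.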
Example 6: Failover
This configuration shows a transparent, multiple context mode FWSM in one switch, and another FWSM
in a second switch acting as a backup (see Figure B-4). Each context (A, B, and C) monitors the inside
interface and outside interface.
The secondary FWSM is also in transparent, multiple context mode, and has the same software version.