B-21
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Appendix B Sample Configurations
Transparent Mode Examples
access-group INTERNET in interface inside [
Allows all inside hosts to access the outside
for any IP traffic
]
access-list BPDU ethertype permit bpdu
access-group BPDU in interface inside
access-group BPDU in interface outside
Example 6: Context C Configuration (Primary)
nameif vlan202 outside security0
nameif vlan6 inside security100
passwd secret0997
enable password strayd0g
ip address inside 10.0.1.1 255.255.255.0 standby 10.0.1.2
monitor-interface inside
monitor-interface outside
route outside 0 0 10.0.1.4 1
telnet 10.0.1.65 255.255.255.255 inside
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside [
Allows all inside hosts to access the outside
for any IP traffic
]
access-list BPDU ethertype permit bpdu
access-group BPDU in interface inside
access-group BPDU in interface outside
Example 6: Secondary FWSM System Configuration
You do not need to configure any contexts, just the following minimal configuration for the system.
You must first enable multiple context mode using the mode multiple command. Then enter the
activation key to allow more than two contexts using the activation-key command. The mode and the
activation key are not stored in the configuration file, even though they do endure reboots. If you view
the configuration on the FWSM using the write terminal, show startup, or show running commands,
the mode displays after the FWSM Version (blank means single mode, “<system>” means you are in
multiple mode in the system configuration, and <context> means you are in multiple mode in a context).
firewall transparent
failover lan interface faillink vlan 10
failover interface ip faillink 192.168.253.1 255.255.255.252 standby 192.168.253.2
failover lan unit secondary
failover
Example 6: Switch Configuration
The following lines in the Cisco IOS switch configuration on both switches relate to the FWSM. For
information about configuring redundancy for the switch, see the switch documentation.
...
firewall multiple-vlan-interfaces
firewall module 1 vlan-group 1
firewall vlan-group 1 4-6,10,11,200-202
interface vlan 200
ip address 10.0.1.3 255.255.255.0
standby 200 ip 10.0.1.4
standby 200 priority 110
standby 200 preempt
standby 200 timers 5 15
standby 200 authentication Secret
no shut
To Next Page
Loading...
Need help?
General