1.) get into the context configured in Tutorial 1
FWSM# changeto context IOD
2.) choose transparent or routed mode (routed is the default and is what this tutorial uses); otherwise enter: firewall transparent (global config)
3.) configure interfaces:
interface Vlan1200
nameif inside
security-level 100
ip address x.x.x.x 255.255.255.248
!
interface Vlan1220
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.248
4.) configure routing:
route inside x.x.x.x 255.255.0.0 x.x.x.x
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
5.) configure access-lists (an "any" rule, just for testing)
access-list inside extended permit ip any any
access-list outside extended permit ip any any
6.) apply access lists to interfaces
access-group inside in interface inside
access-group outside in interface outside
7.) permit ICMP (just for testing, not recommended for production)
icmp permit any inside
icmp permit any outside
8.) disable NAT control … it is easier to learn without NAT, which we will implement in a later tutorial
FWSM/IOD(config)# no nat-control
9.) test with ICMP (gave up putting in X’s, it’s only a lab!)
FWSM/IOD# ping 10.8.120.1
Sending 5, 100-byte ICMP Echos to 10.8.120.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
FWSM/IOD# ping 10.8.120.6
Sending 5, 100-byte ICMP Echos to 10.8.120.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
FWSM/IOD# ping 10.8.122.6
Sending 5, 100-byte ICMP Echos to 10.8.122.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
FWSM/IOD# ping 10.8.122.1
Sending 5, 100-byte ICMP Echos to 10.8.122.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
FWSM/IOD#
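
A check for the testing-only settings from steps 5 to 7 before a context like this leaves the lab, as an added example that is not part of the original tutorial. The function name `audit_lab_leftovers` and the sample config are constructed here; the function lists each interface where a permit-all ACL is bound or ICMP is open to any source, least-trusted interface first.

```python
import re

# Constructed sample: the tutorial's lab config (x.x.x.x placeholders kept).
SAMPLE_CONFIG = """\
interface Vlan1200
 nameif inside
 security-level 100
 ip address x.x.x.x 255.255.255.248
!
interface Vlan1220
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.248
access-list inside extended permit ip any any
access-list outside extended permit ip any any
access-group inside in interface inside
access-group outside in interface outside
icmp permit any inside
icmp permit any outside
"""

def audit_lab_leftovers(config):
    """Return (interface, security_level, finding) for each testing-only rule."""
    levels, open_acls, findings, nameif = {}, set(), [], None
    lines = [ln.strip() for ln in config.splitlines()]
    # Pass 1: map nameif -> security-level and collect permit-all ACL names.
    for ln in lines:
        if ln.startswith("interface "):
            nameif = None
        elif m := re.fullmatch(r"nameif (\S+)", ln):
            nameif = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", ln)) and nameif:
            levels[nameif] = int(m.group(1))
        elif m := re.fullmatch(r"access-list (\S+) extended permit ip any any", ln):
            open_acls.add(m.group(1))
    # Pass 2: permit-all ACLs that are actually bound, and ICMP open to any source.
    for ln in lines:
        m = re.fullmatch(r"access-group (\S+) in interface (\S+)", ln)
        if m and m.group(1) in open_acls:
            findings.append((m.group(2), levels.get(m.group(2)),
                             f"ACL '{m.group(1)}' permits ip any any"))
        elif m := re.fullmatch(r"icmp permit any (?:\S+ )?(\S+)", ln):
            findings.append((m.group(1), levels.get(m.group(1)),
                             "ICMP to this interface permitted from any source"))
    # Least-trusted interface (lowest security level) first; unknown levels last.
    return sorted(findings, key=lambda f: (f[1] is None, f[1] or 0))
if __name__ == "__main__":
    for iface, level, finding in audit_lab_leftovers(SAMPLE_CONFIG):
        print(f"[{iface}, security-level {level}] {finding}")
```

An empty result means none of the lab shortcuts from steps 5 to 7 remain in the text that was checked.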