how to bypass the traffic from FWSM for the perticuer subnet

Unanswered Question
Aug 10th, 2007

I want to bypass all my internal traffic and external traffic from the FWSM for the perticuer subnet. I am having a gateway connected to external network and FWSMcore connected to internal.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Sat, 08/11/2007 - 01:42

Hi

Could you be bit more specific about the topology. Generally speaking if you want to bypass the FWSM just create a layer 3 SVI on the MSFC and don't allocate the vlan to the FWSM.

HTH

Jon

derawat28 Sun, 08/12/2007 - 18:32

Hi Jon,

Thanks for your reply,

Where I need to create the L3 SVI and how may i configure it, please may I know some more details,

As far topology is concerned so as follows:

L2 switch>FWSM core(L3)>FWSM> Gateway(for the external).

Please I will very appreciate to you if you could brief me more clear as I am new for the FW stream.

Jon Marshall Mon, 08/13/2007 - 01:09

Hi

Which suprevisor do you have in your 6500 switches ?

Your topology

L2 switch - is this the 6500 switch that the FWSM's are in or is it a separate switch.

It's still unclear as to how your firewalling is setup.

An SVI is a vlan interface on your 6500. So lets say you have a vlan 100 that you do not want to go through the FWSM. On your 6500 switch

interface vlan 100

ip address x.x.x.x "subnet mask"

no shut

But i need some more details to give you a proper solution.

Jon

derawat28 Mon, 08/13/2007 - 01:37

Hi Jon,

Many thanks for your prompt reply,

My topology is like L2(DMZ switch) connected to the core switch(6509) and core switch is connected to FWSM core router(L3) and logically FWSM core router(L3) connected to the Gateway for external area. FWSM resides between FWSM core router(L3) and Gateway. We have a physical connection towards to the gateway from the DMZ switch.

We are using the version 12.2 for the FWSM core router(L3) and Version 3.1(6) for the FWSM.

Inside the L2 DMZ switch we are using sup2.

I believe now you will be having more clear picture.

Thanks in advance,

Regards,

Devender Rawat

rigoberto.cintr... Mon, 08/13/2007 - 12:28

How many FWSM the 6509 has?

The External Gateway is connected in the VLAN that it's define as the Outside?

Subnet that you want to bypass it's part of the inside VLAN?

derawat28 Mon, 08/13/2007 - 19:39

Hi Jon,

Thanks once again and we have only one FWSM in 6509 and the traffice which we need to bypass is inside traffic also whenever any traffic come from outside for the vlan so that should also bypass the FWSM.

I feel sorry if anything is still unclear for you.

Thanks,

Regards,

Devender

Actions

This Discussion