08-10-2007 10:31 PM - edited 03-11-2019 03:56 AM
I want to bypass the FWSM for all internal and external traffic for a particular subnet. I have a gateway connected to the external network and the FWSM core connected to the internal.
08-11-2007 01:42 AM
Hi
Could you be a bit more specific about the topology? Generally speaking, if you want to bypass the FWSM, just create a layer 3 SVI on the MSFC and don't allocate the VLAN to the FWSM.
HTH
Jon
08-12-2007 06:32 PM
Hi Jon,
Thanks for your reply.
Where do I need to create the L3 SVI and how may I configure it? Please may I know some more details.
As far as the topology is concerned, it is as follows:
L2 switch > FWSM core (L3) > FWSM > Gateway (for the external).
I would very much appreciate it if you could explain this more clearly, as I am new to the FW stream.
08-13-2007 01:09 AM
Hi
Which supervisor do you have in your 6500 switches?
Your topology
L2 switch - is this the 6500 switch that the FWSMs are in, or is it a separate switch?
It's still unclear how your firewalling is set up.
An SVI is a VLAN interface on your 6500. So let's say you have a VLAN 100 that you do not want to go through the FWSM. On your 6500 switch:
interface vlan 100
ip address x.x.x.x "subnet mask"
no shut
But I need some more details to give you a proper solution.
Jon
08-13-2007 01:37 AM
Hi Jon,
Many thanks for your prompt reply.
My topology is: L2 (DMZ switch) connected to the core switch (6509), and the core switch is connected to the FWSM core router (L3), and logically the FWSM core router (L3) is connected to the gateway for the external area. The FWSM resides between the FWSM core router (L3) and the gateway. We have a physical connection towards the gateway from the DMZ switch.
We are using version 12.2 for the FWSM core router (L3) and version 3.1(6) for the FWSM.
Inside the L2 DMZ switch we are using sup2.
I believe you will now have a clearer picture.
Thanks in advance,
Regards,
Devender Rawat
08-13-2007 12:28 PM
How many FWSMs does the 6509 have?
Is the external gateway connected in the VLAN that is defined as the outside?
Is the subnet that you want to bypass part of the inside VLAN?
08-13-2007 07:39 PM
Hi Jon,
Thanks once again. We have only one FWSM in the 6509, and the traffic which we need to bypass is inside traffic; also, whenever any traffic comes from outside for the VLAN, that should also bypass the FWSM.
I am sorry if anything is still unclear to you.
Thanks,
Regards,
Devender