jsivulka Thu, 09/27/2007 - 14:40

These will need to be unique addresses in the same vlan 100 for the SVI. Now, you can configure the MSFC to connect to the FWSM's Inside interface, but in my thinking it is more logical to connect it to the FWSM's Outside interface. This is because usually the MSFC (layer 3 router) connects to the Internet and is the edge device. Thus, the logical packet flow is from the PC > to a VLAN, say 200 > to the FWSM Inside or DMZ > to the MSFC > to the Internet. Thus the FWSM Outside interface would face the MSFC as a normal firewall would. The determining factor is what device will border the Internet, the MSFC or the FWSM. Remember to set a default gateway to the next hop of the Internet on the edge device (MSFC or FWSM).

