FWSM Traffic

Unanswered Question
Aug 24th, 2008

Dear all,

I want to implement the below scenario; kindly advise.

In a 6509 I configured FWSM. How can I send traffic of the DMZ interface to the IPS 4270 appliance?

Thanks & regards

Farrukh Haroon Sun, 08/24/2008 - 05:42

You can configure the FWSM in multiple ways with the MSFC (MSFC inside, outside, etc.).

You can use the IDSM in inline VLAN pair mode. With the MSFC outside, you can set the default gateway of all the machines in the DMZ segment to the FWSM's virtual interface for the DMZ zone. The SVI you create on the FWSM can be VLAN 700, for example, named 'DMZ'. Create another VLAN on the core switch (or the switch connecting the servers) and name it 100. Now the server access ports will belong to VLAN 100, but the FWSM will have VLAN 700 (so the server's default gateway will actually lie in VLAN 700). The IDSM module will bridge both of these VLANs (100 and 700). This will of course happen at Layer 2.
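
The inline VLAN pair layout described in the answer above, as an added configuration sketch that is not part of the original thread or the poster's own config. The module slots (FWSM in slot 3, IDSM in slot 5), the server port, the security level and the 192.0.2.0/24 addressing are assumptions; VLANs 100 and 700 and the name DMZ come from the answer.

```cisco
! Added example. Slots, server port, security level and addressing are assumed.
! --- Catalyst 6509 supervisor (IOS) ---
vlan 100
vlan 700
! Hand only VLAN 700 to the FWSM (assumed slot 3)
firewall vlan-group 1 700
firewall module 3 vlan-group 1
! Trunk both VLANs to IDSM data port 1 (assumed slot 5)
intrusion-detection module 5 data-port 1 trunk allowed-vlan 100,700
! Server access ports stay in VLAN 100
interface GigabitEthernet2/1
 switchport
 switchport mode access
 switchport access vlan 100
! Do not create "interface Vlan100" on the MSFC and do not add VLAN 100 to
! the firewall vlan-group: the sensor must be the only path between
! VLAN 100 and VLAN 700, otherwise traffic can bypass inspection.

! --- FWSM: DMZ interface, the servers' default gateway ---
interface Vlan700
 nameif DMZ
 security-level 50
 ip address 192.0.2.1 255.255.255.0

! --- IDSM sensor CLI: bridge 100 <-> 700 as an inline VLAN pair ---
! GigabitEthernet0/7 is the sensor-side name of data port 1.
configure terminal
service interface
physical-interfaces GigabitEthernet0/7
admin-state enabled
subinterface-type inline-vlan-pair
subinterface 1
vlan1 100
vlan2 700
exit
exit
exit
exit
! Answer "yes" to apply, then bind the pair to the virtual sensor
service analysis-engine
virtual-sensor vs0
physical-interface GigabitEthernet0/7 subinterface-number 1
exit
exit
```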



