Understanding IDSM and FWSM intrachassis

Unanswered Question
Jan 27th, 2009

I've looked through most of the messages on here, and I'm not understanding how to configure inline mode on an IDSM with multiple FWSM contexts.

As an overview, I have a single 7609 chassis with a pair of FWSMs in active/standby and a single IDSM-2. Vlans 3001-3250 are my "inside" Vlans, and are part of a VRF (one distinct VRF per Vlan). Vlans 3251-3500 are my "outside" Vlans, each with a unique public /30 address. Context A gets 3001 and 3251, context B gets 3002 and 3252, etc.

If I want to do some form of inline inspection, is Vlan Pair the only choice? I assume Interface Pair isn't a choice because I don't have physical interfaces to use?

tstanik Mon, 02/02/2009 - 13:59

You can use IDM or the CLI to configure IDSM-2 to operate in inline mode between two separate VLANs (one VLAN for each side of IDSM-2). To prepare IDSM-2 for inline mode, you must configure the switch as well as IDSM-2.

Here is the configuration guide for the IDSM. Follow the guide; it may help you.

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_idsm2.html#wp1028144

rarick123 Tue, 02/03/2009 - 05:44

Well, I'm going to need to be able to inspect traffic on every VLAN that comes out of the FWSM, so would inline (non-VLAN pair) still work? I've looked at the config guides, and I still don't get it. I can't seem to find any documentation on how to set up the VLANs on the 7609.
