Understanding IDSM and FWSM intrachassis

Unanswered Question
Jan 27th, 2009

I've looked through most of the messages on here, and I'm not understanding how to configure inline mode on an IDSM with multiple FWSM contexts.


As an overview, I have a single 7609 chassis with a pair of FWSMs in active/standby and a single IDSM-2. VLANs 3001-3250 are my "inside" VLANs, and are part of a VRF (one distinct VRF per VLAN). VLANs 3251-3500 are my "outside" VLANs, each with a unique public /30 address. Context A gets 3001 and 3251, context B gets 3002 and 3252, etc.


If I want to do some form of inline inspection, is VLAN Pair the only choice? I assume Interface Pair isn't a choice because I don't have physical interfaces to use?

tstanik Mon, 02/02/2009 - 13:59

You can use IDM or the CLI to configure IDSM-2 to operate in inline mode between two separate VLANs (one VLAN for each side of IDSM-2). To prepare IDSM-2 for inline mode, you must configure the switch as well as IDSM-2.


Here is the configuration guide for the IDSM. Follow the guide; it may help you.

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_idsm2.html#wp1028144



rarick123 Tue, 02/03/2009 - 05:44

Well, I'm going to need to be able to inspect traffic on every VLAN that comes out of the FWSM, so would inline (non-VLAN pair) still work? I've looked at the config guides, and I still don't get it. I can't seem to find any documentation on how to set up the VLANs on the 7609.
