Understanding IDSM and FWSM intrachassis

rarick123
Level 1

I've looked through most of the messages on here, and I'm not understanding how to configure inline mode on an IDSM with multiple FWSM contexts.

As an overview, I have a single 7609 chassis with a pair of FWSMs in active/standby and a single IDSM-2. VLANs 3001-3250 are my "inside" VLANs, and are part of a VRF (one distinct VRF per VLAN). VLANs 3251-3500 are my "outside" VLANs, each with a unique public /30 address. Context A gets 3001 and 3251, context B gets 3002 and 3252, etc.

If I want to do some form of inline inspection, is VLAN Pair the only choice? I assume Interface Pair isn't a choice because I don't have physical interfaces to use?

2 Replies

tstanik
Level 5

You can use IDM or the CLI to configure IDSM-2 to operate in inline mode between two separate VLANs (one VLAN for each side of IDSM-2). To prepare IDSM-2 for inline mode, you must configure the switch as well as IDSM-2.

Here is the configuration guide for the IDSM. Follow the guide; it may help you.

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_idsm2.html#wp1028144

Well, I'm going to need to be able to inspect traffic on every VLAN that comes out of the FWSM, so would inline (non-VLAN pair) still work? I've looked at the config guides, and I still don't get it. I can't seem to find any documentation on how to set up the VLANs on the 7609.
