Questions on 6500 series

Unanswered Question
Aug 5th, 2009

We're looking at replacing a 4507R at the core of our network with a 6500 series. Currently, the 4507R has a supervisor engine IV, 3 48-port copper blades, and 2 6-port fiber blades. We're hoping to include in the 6500 series replacement the firewall module (to replace a PIX 525), VPN (to replace a 3005 concentrator), and IDS/IPS.

I'm a little confused as to what I need from looking at the Cisco product pages. Is there a guide somewhere as to what to get? The firewall that we would be replacing is actually a pair of PIX 525s in an active/standby pair. We'd like to have some redundancy in the 6500 as well. We'd also like some sort of failover for the IDS/IPS if possible.

A couple of questions:

- if I have two FWSMs installed, they would load balance, and if one failed, the other would take over all traffic, correct?

- I see a "VPN services port adapter" and a "VPN shared port adapter"... I'm not sure how they differ

- The supervisor engine 720 and the supervisor engine 32... we'd need one or the other, correct?

- Would we need the Policy Feature Card and the Distributed Forwarding Card?

Thanks!

--Steve

Collin Clark Wed, 08/05/2009 - 06:15

Steve-

Are you looking at a single 6500 or a pair? If you're looking at a pair look at VSS-

http://www.cisco.com/en/US/products/ps9336/index.html

The "VPN services port adapter" and the "VPN shared port adapter" are the same thing; it's the new name and the old name.

You can use either the sup32 or the sup720. If VSS does interest you (and it should :-), you will have to use the sup720. Sup32 is a performance-optimized and price-optimized version of Sup720. Sup32 is a 32-Gbps bus-based architecture, whereas the Sup720 is a 720-Gbps switch-fabric-based architecture.

The DFC is not required, but recommended. The price point of the card is very low and you gain a great deal from it. Here's a little more info on it.

DFC/PFC-

http://www.cisco.com/en/US/products/hw/switches/ps708/products_qanda_item09186a00809a7673.shtml#qa4

The best place to get info on how to design, what you need, and all the correct part numbers is from your local Cisco SE. They are there to do just this; give them a call.

Hope this helps.

Jon Marshall Wed, 08/05/2009 - 09:12

Steve

Just to add to Collin's post -

"if I have two FWSMs installed, they would load balance, and if one failed, the other would take over all traffic, correct?"

No. One firewall would be active and the other standby. However, you can run multiple virtual firewalls on the FWSM (contexts), and you can have one FWSM active for some of the contexts and the other FWSM active for the others - this is called active/active.

"Would we need the Policy Feature Card and the Distributed Forwarding Card?"

PFC comes with the supervisor. DFC is an add-on card to certain modules and allows the module to do local switching rather than having to send everything to the supervisor.

Jon
