FWSM and VPNSM in same 6509 chassis problem.

Unanswered Question
Nov 12th, 2005

Here's my configuration:


17 Security Contexts---VLAN300---MSFC---VLAN250---Admin Context---VLAN100(outside)

VLAN300 is an SVI with an IP of 10.10.10.1 /24

VLAN 250 is an SVI with an IP of 10.20.20.2 /24

The Admin Context inside interface is on VLAN 250 with an IP address of 10.20.20.1 /24.

The 17 Security Contexts have an IP address on their outside interface in the 10.10.10.0 /24 subnet.


Admin context outside interface is connected to Layer2 VLAN100 with an IP address 1.1.1.1 /24.


I also have a VPNSM with an IP address on VLAN 100, 1.1.1.2 /24. I want to terminate all L2L connections on the VPNSM, and have the decrypted traffic routed to the Admin Context for security ACL checks, then routed out to the appropriate interface. There are other interfaces with IPs in different subnets. How can this be achieved?


The traffic that gets decrypted by the VPNSM will get routed to the MSFC and from there it can get to any of the other VLANs on the MSFC. The other way is true. Users in one of the security contexts can go directly to the SVI configured for the VPNSM.


Any help would be appreciated.


Thanks,


Steve

ebreniz Thu, 11/17/2005 - 14:03

It is not very clear to me what you are trying to achieve, and it is very hard to tell without having more details. I am sure L2L VPNs can be terminated on the VPN module and the decrypted traffic sent to the other inside VLANs.
