One of my client recently purchased two FWSM modules and placed it on the 6509E switch. The switch is already in production. The traffic is not yet diverted to the modules. My clients requirement is he want 10 G throghput. The switch is already having 100 vlans and he wants to put only 5 vlans on inside and remaining vlan should be on outside. I am totally new to FWSM and no idea about how to design this requirement. Anyone please help How can I design and plan this implementation. Your help is really appreciable.
Thanks for your reply. As per your idea I will split the traffic and place the vlans. I have 100 vlans running at switch and I want to place only 5 vlans inside and remaining vlans should be outside. Is it possible?. If it is possible I have to create all inerface vlans at FWSM like 5 vlans are inside and the reamining vlans are outside and route the traffic to the outside vlans?. Expecting your valuable suggestions. There is no internet in this site and it is a intranet kind of setup.
You can of course push all the vlans on the FWSM and have the FWSM firewall the outside vlans and the 5 other vlans.
You can also put the 5 vlans behind the FWSM/s and have the outside being a new SVI on the switch and then the switch routing to all the other vlans. That can be done also. So you don't need to push all the vlans to the FWSM/s.
Would you please little bit elaborate. I am just confused to place vlans on the module. If I create all 95 interface vlans as outside interfaces then it seems a big task to route all inside vlan traffic to outside vlans.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...