Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1353
Views
0
Helpful
20
Replies

FWSM & IDSM2

estelamathew
Level 2
Level 2

‎08-16-2010 09:52 PM - edited ‎03-11-2019 11:26 AM

Dear's,

Any different configuration for 6500 or IDSM-2 if i m placing with FWSM???? . I will place IDSM-2 in inline vlan pair mode,and all SVI will be created on FWSM instead of MSFC.

Any suggestion please on above design and configuration.

Thanks

Labels:
0 Helpful
20 Replies 20

estelamathew
Level 2
Level 2
In response to Scott Nishimura

‎08-20-2010 02:26 PM

Hello Scott,

you would need 2 virtual sensors like this:

host  A-----inline4200IPS----vlan1switch------inline4200IPS---host B

Really i did'nt understood the above diagram,

If suppose i dont have a IDSM-2 and i have a 4200 series  IPS still the traffic flow is same as such it was for IDSM-2.

Pairing:real SVI created for vlan 2 and 3 and dummy vlan 1 and 4

vlan 1 to 2

vlan 3 to 4

vlan 1                                                                                       vlan4

hostA--- 4200----int vlan2--------int vlan 3------4200----hostB

The above diagram is for 1 virtual sensor

Thanks

0 Helpful

Scott Nishimura
Cisco Employee
Cisco Employee

‎08-20-2010 02:29 PM

Hi Estela,

yes, that is correct.. not much difference, except in your diagram, you would be also bridging vlan 2 to vlan 3 keeping it L2 the entire way.

regards,

scott

0 Helpful

estelamathew
Level 2
Level 2
In response to Scott Nishimura

‎08-20-2010 02:39 PM

Hello Scott,

Vlan 2 and vlan 3 are already bridging by 1 and 4.   1 and 4 are dummy vlan only for bridging purpose.

i made a mistake is typing in above mail pairing option

Can u explain me the below lines

With the IDSM2, you wont really run into this much, with our external  42xx series IPS devices, you could and because the code is the same  base, you would need 2 virtual sensors like this:

host  A-----inline4200IPS----vlan1switch------inline4200IPS---host B

thanks

0 Helpful

Scott Nishimura
Cisco Employee
Cisco Employee
In response to estelamathew

‎08-20-2010 02:42 PM

Hi Estela,

yes, thats correct..  if vlan 2 and 3 were also bridged, then it would be L2 straight through from both end points.

As mentioned earlier, its not as prevalent nowadays.

regards,

scott

0 Helpful

estelamathew
Level 2
Level 2
In response to Scott Nishimura

‎08-20-2010 02:47 PM

Thank u very much Scott for ur replies,

We will continue tomorrow as it is 2:00 midnight here,and also 1 task assigned in weekend.

Thanks see u tomorrow i will review the thread again and see it gets more clear or not,

Thanking once more for being with me.

0 Helpful

Scott Nishimura
Cisco Employee
Cisco Employee
In response to estelamathew

‎08-20-2010 02:53 PM

Hi Estela,

sounds good.  have a good evening.. i'll check back on monday to see if you have any follow up questions on it.

thanks,

scott

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card