My customer has 2 FWSM modules installed in 2 PACS core switches, running in A/S mode; the firewall mode is route mode without NAT. The FWSM has 3 security zones: PACS, HIS & TJ. The core switches of the PACS zone & HIS zone are in the same computer room; we used 2 GB links to connect from the HIS core switch to the 2 PACS core switches, and use rapid spanning-tree as the link redundancy protocol. The TJ core switch is in another building; we used 100Mbps FTTB to connect the TJ & PACS core switches. The routing protocol for PACS, HIS & TJ is OSPF.
Now they want to add another 10Mbps FTTB link between the PACS & TJ core switches, but they don't want to use rapid spanning-tree as the link redundancy protocol; they want to use an L3 routing protocol ( OSPF ) to achieve link redundancy between the 2 links ( 100Mbps & 10Mbps ). Can I :
1. create another security zone TJ1; the VLAN of TJ1 is 252
2. create another VLAN on the TJ core switch, then connect it to PACS core switch VLAN 252 ( TJ1 zone )
3. enable OSPF routing on the TJ core switch's new VLAN & PACS core switch VLAN 252, and set up the distance lower than the 100Mbps FTTB
4. reference the static commands related to TJ and duplicate them for the TJ1 interface.
5. create a firewall policy for the TJ1 interface, then apply it to the TJ1 interface ( the policy is the same as the firewall policy for the TJ interface )
If all you wanted to achieve is L3 connectivity between these 3 networks, then I would prefer creating VRFs on the 6509s, letting these networks home in those VRFs for connectivity between them, and letting those VRFs talk to the FWSMs.