I do have a 6509-E with the FWSM module, I created two context within the FWSM, context A and context B, both in transparent mode.
Context A is "conected" to the MSFC via BVI with the IP 192.168.180.2, the MSFC IP for VLAN180 is 192.168.180.1, in context A VLAN180 is binded to the BVI. So far until this point I have a connection between the MSFC and Context A.
Now, if I want to put a server behind context A with server IP=192.168.180.100, and be able to apply some ACLs to allow certain traffic to the server, how I would achieve this?
I know that in this mode the context need two logical interfaces, one is VLAN180 already binded to the BVI, but what about the logical interface where I'm supposed to connect to the server?
As you can see I created vlan 188 for the "INSIDE' of the Context A but if the server is inside the same subnet as the MFSC vlan 180 then by having a different vlan for the inside part of the context breaks up the act that two hosts on the same subnet must also belong to the same vlan.
You will have different vlan's but the vlan's will use the same ip subnet because the vlan's are bridge by a BVI interface. It's the way it work in the FWSM because the FWSM use SVI (Virtual interfaces). If you had a PIX/ASA you won't see a BVI because the PIX/ASA automatically bridge the physical inside and outside interfaces.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :