What it looks like is that the FWSM will contain the VLAN/IP address information and in the IOS on the 6500 I will allocate certain VLANs to be handled by the FWSM.
So I could technically add a third VLAN on the FWSM. The routing on this is sort of fuzzy for me though.
If, for instance, I create the VLAN on the FWSM, allocate VLAN in my IOS, where is my static route pointing to? The FWSM won't know about any other VLAN besides the one I configure on it. And my IOS/MSFC won't have an IP on it to have the FWSM point to for routing. I think I am missing a small piece.
Thanks so far. Like I said, I am going to go change the config and see what happens.
I think you might be one step ahead of me here. I am unable to ping on VLAN2.
Interface VLAN 2
ip address 10.10.10.1 255.255.255.0
Interface VLAN 2
ip address 10.10.10.3 255.255.255.0
I can't ping between the two. I believe the IOS needs just to know that I have that IP on the FWSM...I am not sure how to make that happen. Your other examples showed how to allocate VLANs to the FWSM and how to route, but I think this is just the basic, "hey, we need to know you exist" kind of config that I am looking for.
The documentation I have seen seems to skip this basic step.
I did a debug of the ICMP and it was being denied, so I suspect it had to do with the ICMP permit any outside command. I had added an IP-ANY-ANY access group and put it on the Mngt interface, but ICMP still came back as being denied.
The VLAN was created on the 6500 already so basically changing the name to "outside" and creating the correct access list did the trick.
Good times. Only three more of these things to upgrade!