OK, so I have an interesting situation. I have an architecture that has 4 6509s in it and they're all interconnected in a cross hatch / direct link manner, so I have complete redundancy. The top (we'll call the Core) pair have an FWSM in them. Above the cores is a L2 environment which we can ignore. My problem is that the core and bottom pair of 6509s (we'll call the Access) are all participating in multiple VRFs together using OSPF as the routing protocol. My problem is this:
(VRF1) Access --> FWSM --> (VRF1) Core
From what I can tell there's no way to preserve the VRF across the FWSM in routed mode. The reason why I'd like to keep it routed is because within VRF1 I have multiple VLANs. And I'd like to separate traffic between those VLANs using multiple SVIs on the FWSM.
Anybody have any ideas of how I can get the VRF through the routed firewall, preserving it and not breaking OSPF?
In routed mode, the FWSM is considered to be a router hop in the network. It can use OSPF or passive RIP (in single context mode). Routed mode supports many interfaces, and each interface is on a different subnet. You can share interfaces between contexts, with some limitations.
Refer to the following URL for more info on configuring FWSM in routed mode: