Hi all,

We have 6509 with FWSM and IDSM.All vlans (servers,voice,users etc) are homed directly on the FWSM.We need to protect the serverfarm vlan from attacks originating from both inside and outside. All traffic comming from outside and headed for the servers as well as traffic from user vlans needs to be intercepted.So i am planning to put IDSM in inline vlan pair mode.Also i want the internet traffic first to hit fwsm and then idsm.

Single digit vlan exist on MSFC, double digit vlans pushed to FWSM. Bridging done by IDSM

MSFC

----

vlan 2

name SERVER-IDSM

vlan 3

name INTERNET-IDSM

vlan 4

name USER-IDSM

vlan 22

name SERVER-FWSM

vlan 33

name INTERNET-FWSM

vlan 44

name USER-FWSM

intrusion-detection module 4 data-port 1 trunk allowed-vlan 3,4

// Here vlan 3 (Internet) goes into IDSM and then FWSM. But i want traffic from internet to go to FWSM and then IDSM

interface g2/3

switchport

switchport mode access

switchport access vlan 3

description INTERNET

IDSM

----

conf t

service interface

physical-interfaces g0/2

admin-state enabled

description INTERNET

duplex full

speed 1000

subinterface-type inline-vlan-pair

subinterface 1

vlan1 4 //bridging

vlan2 44

description INSPECT-USER-TRAFFIC

subinterface 2

vlan1 3 //briding

vlan 33

description INSTECT-INTERNET-TRAFFIC

service analysis-engine

virtual-sensor

physical-interface g0/2 subinterface-number 1

physical-interface g0/2 subinterface-number 2

My primary aim is :-

1) All user traffic should first go to FWSM and then to IDSM and then if OK to servers

2) All internet traffic (from outside) headed to servers should first go to FWSM and then IDSM and then if OK to servers

How can this be achieved? I think the configuration posted above places IDSM in front of FWSM which is opposite of what i want

Regards.

Sonu,