Understanding IDSM and FWSM intrachassis

rarick123 · ‎01-27-2009

I've looked through most of the messages on here, and I'm not understanding how to configure inline mode on an IDSM with multiple FWSM contexts.

As an overview, I have a single 7609 chassis with pair of FWSM's in active/standby and a single IDSM-2. Vlans 3001-3250 are my "inside" Vlans, and are part of a VRF (one distinct VRF per Vlan). Vlans 3251-3500 are my "outside" Vlans, each with a unique public /30 address. Context A gets 3001 and 3251, context B gets 3002 and 3252, etc.

If I want to do some form of inline inspection, is Vlan Pair the only choice? I assume Interface Pair isn't a choice because I don't have physical interfaces to use?

tstanik · ‎02-02-2009

You can use IDM or the CLI to configure IDSM-2 to operate in inline mode between two separate VLANs (one VLAN for each side of IDSM-2). To prepare IDSM-2 for inline mode, you must configure the switch as well as IDSM-2

Here is the configuaration guide for the IDSM. Follow the guide it may help you.

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_idsm2.html#wp1028144

rarick123 · ‎02-03-2009

Well, I'm going to need to be able to inspect traffic on every VLAN that comes out of the FWSM, so would inline (non-VLAN pair) still work? I've looked at the config guides, and I still don't get it. I can't seem to find any documentation on how to set up the VLAN's on the 7609.