transparent pix between 2 vrf

hi guys,

This is the problem : I need to receive from a GigaEth both some multicast streams and a unicast control traffic to be filtered. So, on a 3750 there is a trunk vs data provider, and Interface Vlan X for mcast and Vlan Y for outside unicast in global space. Than a Vlan Z in a separate vrf for inside. Pix is connected on L2 port Vlan X for outside and on L2 port Vlan Z for inside. It doesn't run !!! It seems to be unable to resolve arp ...

The actual 3750, will become in a short time a 650x sup 720B, but I am not sure if we have a better results.

Any advice ?




Re: transparent pix between 2 vrf

To make this happen a FWSM module has to be installed in the Catalyst 6500 series switch. The FWSM features has the following features

Layer 2 Firewall (transparent mode)

Layer 3 Firewall (route and/or NAT mode)

Mixed Layer 2 and Layer 3 firewall per FWSM

Dynamic/static NAT and PAT

Policy-based NAT

VRF-aware NAT

Destination NAT for Multicast

Static routing support in single- and multiple security context mode

Dynamic routing in single security context mode: Open Shortest Path First (OSPF), Routing Initiation Protocol (RIP) v1 and v2, PIM Sparse Mode v2 multicast routing, Internet Group Management Protocol (IGMP) v2

Transparent mode supports static routing only

Private VLAN

Asymmetric routing supporting without redundancy by using asymmetric routing groups

IPv6 networking and management access using IPv6 HTTPS, Secure Shell Protocol (SSH) v1 and v2, and Telnet

New Member

Re: transparent pix between 2 vrf

Tanks for your response, but in my opinion using a FWSM to fiter just 2 low traffic vlan is a bit too expansive.

BTW , today I have solved my issue forcing arp on both side ( vrf ). Anyway the problem is still : why 3750 did non resolve arp ?