Is there any significance to the FW-VLAN-GROUP that is configured on the Switch other than mapping the group to a FWSM slot? Or in other words, can I apply policies to a FW-VLAN-GROUP on the FWSM?
The current environment has 50+ VLANs and all of the VLANs will need some sort of security. I would like to group the VLANs into more manageable FW-VLANs (zones) and route using the MSFC between VLANs in the same FW-VLAN-GROUP. Then, use the FWSM to route between security zones. Can this be done?
Basically the "firewall vlan-group" command, along with the "firewall module" command, maps the VLANs to the firewall module. Any other VLAN configured on the switch but not directly specified as belonging to the FWSM will be routed via the MSFC. I am, however, not sure if you can route the fw-vlans using the MSFC. You might find this configuration reference useful in case you haven't seen this earlier.