Cisco Support Community
New Member

MSFC in front of FWSM

Hello,

LAN---FWSM---MSFC---ROUTER---INTERNET

Aren't we violating any security rule in this scenario if we put the MSFC in front of the FWSM?

thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: MSFC in front of FWSM

Hi

You can have as many VLANs as you like behind the FWSM and as many VLANs as you like on the MSFC.

The key thing in this is that any VLAN that you want to firewall must not have an SVI (Layer 3 VLAN interface) on the MSFC. So in your description above, as long as the 7 VLANs behind the FWSM are different from the 8 VLANs that are on the MSFC you will be fine.

HTH

Jon
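
The rule in the accepted answer can be checked against a switch configuration. The following is an added example, not part of the thread or of Cisco's documentation: it lists VLANs that are assigned to the FWSM with `firewall vlan-group` and also have an active SVI on the MSFC, since traffic for those VLANs can be routed without passing the firewall. It assumes `show running-config` text with `!`-separated blocks; the sample configuration is constructed, and the transit VLAN between MSFC and FWSM (an assumption, VLAN 10 here) is passed in by the caller because it legitimately has an SVI.

```python
import re

# Constructed sample of a Catalyst 6500 supervisor running-config (not from the thread).
SAMPLE_CONFIG = """\
firewall multiple-vlan-interfaces
firewall vlan-group 1 10,20-22
firewall module 3 vlan-group 1
!
interface Vlan10
 description transit MSFC to FWSM outside
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan21
 ip address 10.0.21.1 255.255.255.0
!
interface Vlan22
 shutdown
!
interface Vlan100
 ip address 10.0.100.1 255.255.255.0
"""

def expand_vlans(spec):
    """Turn '10,20-22' into {10, 20, 21, 22}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def firewalled_vlans(config):
    """VLANs handed to the FWSM through any 'firewall vlan-group' line."""
    vlans = set()
    for m in re.finditer(r"^firewall vlan-group \d+ ([\d,-]+)[ \t]*$", config, re.M):
        vlans |= expand_vlans(m.group(1))
    return vlans

def active_svis(config):
    """VLAN IDs with a Layer 3 interface that has an IP address and is not shut down."""
    svis = set()
    for block in re.split(r"^![ \t]*$", config, flags=re.M):
        m = re.search(r"^interface Vlan(\d+)[ \t]*$", block, re.M)
        has_ip = re.search(r"^\s+ip address ", block, re.M)
        is_down = re.search(r"^\s+shutdown[ \t]*$", block, re.M)
        if m and has_ip and not is_down:
            svis.add(int(m.group(1)))
    return svis

def bypass_vlans(config, transit_vlans=frozenset()):
    """Firewalled VLANs that the MSFC can also route directly, excluding the transit VLAN."""
    return sorted((firewalled_vlans(config) & active_svis(config)) - set(transit_vlans))
```

With the constructed sample, `bypass_vlans(SAMPLE_CONFIG, {10})` reports VLAN 21, which is the kind of overlap the answer warns about.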

7 REPLIES
New Member

Re: MSFC in front of FWSM

Looks ok to me. As long as the MSFC doesn't have ANY SVIs on the LAN.

/Fredrik

New Member

Re: MSFC in front of FWSM

Do you mean like this?

(inside,dmz, etc)-----FWSM---lan----MSFC---ROUTER---INTERNET

New Member

Re: MSFC in front of FWSM

Actually, there are multiple VLANs on the MSFC, which are user VLANs. Correction below:

DMZs----FWSM---MSFC(8vlans)---router---inet

Is it possible to modify this scenario to something like below?

(DMZs,7VLANs)----FWSM---MSFC(8vlans)---router---inet

New Member

Re: MSFC in front of FWSM

Hi Jon,

Thanks a lot. Any URL you can paste here showing config on 2x6500, both having FWSM on it?

thanks

New Member

Re: MSFC in front of FWSM

Hi Jon,

Again, many thanks. Another thing: can I do GLBP on FWSM between 2 6500 chassis?

thanks
