Cisco Support Community
Community Member

FWSM and VPNSM in same 6509 chassis problem.

Here's my configuration:

17 Security Contexts---VLAN300---MSFC---VLAN250---Admin Context---VLAN100(outside)

VLAN300 is an SVI with an IP of /24

VLAN 250 is an SVI with an IP of /24

The Admin Context inside interface is on VLAN 250 with an IP address of /24.

The 17 Security Contexts have an IP address on their outside interface in the /24 subnet.

Admin context outside interface is connected to Layer2 VLAN100 with an IP address /24.

I also have a VPNSM with an IP address on VLAN 100, /24. I want to terminate all L2L connections on the VPNSM, and have the decrypted traffic routed to the Admin Context for security ACL checks, then routed out to the appropriate interface. There are other interfaces with IPs in different subnets. How can this be achieved?

The traffic that gets decrypted by the VPNSM will get routed to the MSFC and from there it can get to any of the other VLANs on the MSFC. The other way is true. Users in one of the security contexts can go directly to the SVI configured for the VPNSM.

Any help would be appreciated.




Re: FWSM and VPNSM in same 6509 chassis problem.

It is not very clear to me what you are trying to achieve, and it is very hard to tell without having more details. I am sure L2L VPNs can be terminated on the VPN module and the decrypted traffic sent to the other inside VLANs.
