[c-nsp] FWSM vs. stand alone FW
Voll, Scott
Scott.Voll at wesd.org
Tue Mar 14 18:21:00 EST 2006
On the Cat you need the following commands:
firewall multiple-vlan-interfaces
firewall module 2 vlan-group 2,500 <-- this attaches the VLAN groups to the FWSM in slot 2
firewall vlan-group 2 2,254 <-- these are your groups and which VLANs are in each group
firewall vlan-group 500 500,501
On the FWSM:
you will need to set up names like you do on the PIX
nameif vlan2 <nameofinterface> security100
set up:
  passwords
  fixups
  access-lists
  nat / pat
  ip addresses
  statics
  routes
If you can set up a PIX it's not much different.
Scott
PS. If you're trying to do WAN interfaces it gets complicated quick.
<lots of routemaps and static routes> Troubleshooting is a pain.
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Henry Anslinger
Sent: Tuesday, March 14, 2006 2:50 PM
To: matthew zeier; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] FWSM vs. stand alone FW
Does anyone have any good how-tos for the FWSM they will share?
thanks
Ivan
matthew zeier <mrz at velvet.org> wrote:
Anyone have constructive comparisons between a FWSM in a 6509 vs using
an external firewall - PIX or Netscreen? I'll mostly be hit with
simultaneous connection limits before I hit bandwidth issues but
certainly something that can do well in excess of 200Mbps.
thanks.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
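
An added example, not part of the original post or of any Cisco tooling: a small audit of the Catalyst-side lines shown above, listing which VLANs each FWSM slot actually receives and flagging groups that are attached but never defined, or defined but never attached. The function names `expand` and `audit`, the extra group 600 and its `600-602` range are constructed for illustration.

```python
import re

# Constructed sample: the Catalyst lines from the post, plus one deliberately
# unattached group (600) so the check has something to report.
SAMPLE = """\
firewall multiple-vlan-interfaces
firewall module 2 vlan-group 2,500 <-- attaches the groups to slot 2
firewall vlan-group 2 2,254
firewall vlan-group 500 500,501
firewall vlan-group 600 600-602
"""

def expand(spec):
    """Expand a list such as '2,254' or '600-602' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return VLANs per FWSM slot plus undefined and unattached groups."""
    groups, attached = {}, {}
    for line in config.splitlines():
        line = line.split("<--")[0].strip()  # drop inline notes like the post's
        m = re.fullmatch(r"firewall module (\d+) vlan-group (\S+)", line)
        if m:
            attached.setdefault(int(m.group(1)), set()).update(expand(m.group(2)))
            continue
        m = re.fullmatch(r"firewall vlan-group (\d+) (\S+)", line)
        if m:
            groups.setdefault(int(m.group(1)), set()).update(expand(m.group(2)))
    report = {"vlans_by_slot": {}, "undefined_groups": {}, "unattached_groups": []}
    used = set()
    for slot, gids in attached.items():
        used |= gids
        # VLANs handed to this slot: union of every defined group attached to it
        report["vlans_by_slot"][slot] = sorted(
            {v for g in gids for v in groups.get(g, ())})
        missing = sorted(gids - set(groups))
        if missing:
            report["undefined_groups"][slot] = missing
    # Groups that exist but are attached to no module: their VLANs never reach an FWSM
    report["unattached_groups"] = sorted(set(groups) - used)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```
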