[c-nsp] FWSM vs. stand alone FW

Voll, Scott Scott.Voll at wesd.org
Tue Mar 14 19:19:17 EST 2006 

6 isn't bad, try 20+

 

You have to setup new Vlans (one per WAN interface) with /30 subnets and
route-map all traffic from your WAN ATM PVC to that new VLAN that is
setup as a FWSM VLAN.

 

Then you have to setup Static routes to the Customer on the FWSM to that
vlan and on the Cat back to the customer on the ATM WAN.  I don't' have
a clue how you would do it if you had multiple links to the customer
since you have to run statics.

 

Good luck and make sure you get it right the first time.
Troubleshooting is a bear.

 

Scott

 

________________________________

From: Henry Anslinger [mailto:fortmreza at yahoo.com.au] 
Sent: Tuesday, March 14, 2006 4:11 PM
To: Voll, Scott; matthew zeier; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] FWSM vs. stand alone FW

 

yep, we will doing ATM WAN interfaces, spliting 6 customers traffic up.
PIX management is crap, so I am not looking forward to the config nor
the maintenance.

thanks
Ivan

"Voll, Scott" <Scott.Voll at wesd.org> wrote:

On the Cat you need the following commands

firewall multiple-vlan-interfaces
firewall module 2 vlan-group 2,500 <-- this attaches the Vlan groups to
the FWSM in slot 2
firewall vlan-group 2 2,254 <-- these are your groups and which Vlan's
are in each group.
firewall vlan-group 500 500,501


on the FWSM:

you will need to setup names like you do on the Pix

nameif vlan2 security100

setup 
passwords
fixups
access-lists
nat / pat
ip addresses
statics
routes

If you can setup a Pix it's not much different.

Scott

PS. If you're trying to do WAN interfaces it gets complicated quick.
Troubleshooting is a pain.



-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Henry Anslinger
Sent: Tuesday, March 14, 2006 2:50 PM
To: matthew zeier; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] FWSM vs. stand alone FW

Does anyone have any good how tos for the FWSM they will share?

thanks
Ivan

matthew zeier wrote: 
Anyone have constructive comparisons between a FWSM in a 6509 vs using 
an external firewall - PIX or Netscreen ? I'll mostly be hit with 
simultaneous connection limits before I hit bandwidth issues but 
certainly something that can do well in excess of 200Mbps.

thanks.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



---------------------------------
On Yahoo!7
Dancing With the Stars: Win tickets to the Grand Final! 
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



 

________________________________

On Yahoo!7
Music: Create your own personalised radio station.
<http://au.rd.yahoo.com/mail/tag/music/**http%3A%2F%2Fau.launch.yahoo.co
m%2F>

More information about the cisco-nsp mailing list