[c-nsp] FWSM Questions

Edoardo Martelli em.mlist at gmail.com
Wed Nov 22 03:17:50 EST 2006


Hi Paul

You have to imagine the fwsm as a completely independent box.
If you go for non-transparent mode, on the fwsm you have to assign ip
addresses to the vlan interfaces and define the routing, like in the pix.

In the hosting catalyst, you have to define the same vlans of the fwsm
to communicate with it. But here you have to be careful: if you define
IP addresses on the vlan interfaces, the catalyst will start routing
between them, and can bypass the fwsm (unless you use policy based
routing to avoid the short-cut).

Hope it answers your question.
Edoardo


On 21/11/06 14:45, Paul Stewart wrote:
> Hi folks...
> 
> This is a "high level" question ... we are moving towards FWSMs in our
> 6509s in the new year....
> 
> I understand Cisco PIX fairly well so the command structure shouldn't be
> a major issue for me...
> 
> My question centers around passing traffic through the FWSM itself.  I
> understand that traffic must go VLAN to VLAN (same as the PIX must go
> interface to interface).
> 
> In our setup, we have OSPF running across multiple interfaces using
> loopback etc.
> 
> So, for example:
> 
> 6509-A
> 
> GigE1/1 - 10.10.10.1/30
> GigE1/2 - 10.10.0.1/30
> Loopback0 - 192.168.254.1/32
> 
> 6509-B
> 
> GigE1/1 - 10.10.10.2/30
> Loopback0 - 192.168.254.2/32
> 
> GSR12000
> 
> GigE5/1 - 10.10.0.2/30
> Loopback0 - 192.168.254.3/32
> 
> So, on 6509-A I will have VLAN200 setup as 192.168.0.1/24
> 
> How do I tell the FWSM module to pass traffic from VLAN200 on the 6509-A
> router to the GSR for example?  Do I need to make interface GigE1/1 a
> member of a new VLAN so I can pass VLAN to VLAN via the FWSM??
> 
> To complicate matters, we will be putting HSRP into the mix during the
> migration as well... but I don't believe that will be a big issue after
> I get my head around passing the FWSM traffic...;)
> 
> Thanks in advance,
> 
> Paul
> 
> 
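The bypass condition described in the reply can be checked on the hosting Catalyst's configuration. The following is an added example, not part of the thread: it flags FWSM VLANs that also have active, addressed SVIs on the switch without policy-based routing. The sample configuration is constructed, and the check only looks for the presence of `ip policy route-map`, not for what the route-map does.

```python
import re

# Constructed Catalyst 6500 running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
firewall module 3 vlan-group 1
firewall vlan-group 1 200-201,300
!
interface Vlan200
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan201
 ip address 10.20.0.1 255.255.255.0
!
interface Vlan300
 no ip address
 shutdown
"""

def expand(spec):
    """Expand an IOS number list such as '200-201,300' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return (routed, unprotected) FWSM VLAN IDs: 'routed' have an active
    SVI with an IP; 'unprotected' lack 'ip policy route-map' and are listed
    only when 2+ SVIs are routed (switch can forward around the FWSM)."""
    groups = set()
    for m in re.finditer(r"^firewall module \d+ vlan-group ([\d,-]+)", config, re.M):
        groups |= expand(m.group(1))
    fw_vlans = set()
    for m in re.finditer(r"^firewall vlan-group (\d+)\s+([\d,-]+)", config, re.M):
        if int(m.group(1)) in groups:
            fw_vlans |= expand(m.group(2))
    routed, pbr = [], set()
    for m in re.finditer(r"^interface Vlan(\d+)\n((?:[ \t].*\n?)*)", config, re.M):
        vlan, body = int(m.group(1)), m.group(2)
        if vlan in fw_vlans and re.search(r"^ ip address \d", body, re.M) \
                and not re.search(r"^ shutdown", body, re.M):
            routed.append(vlan)
            if re.search(r"^ ip policy route-map ", body, re.M):
                pbr.add(vlan)
    routed.sort()
    if len(routed) < 2:
        return routed, []
    return routed, [v for v in routed if v not in pbr]
```

On the constructed sample, `audit(SAMPLE_CONFIG)` reports VLANs 200 and 201 as both routed and unprotected, which is the short-cut around the FWSM that the reply warns about.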

