[c-nsp] Virtual Routers
Ben Steele
ben.steele at internode.on.net
Mon Nov 17 06:08:33 EST 2008
You can do what you want without vrf using PBR, as you mentioned.
Using the standard svclc vlans the flow of traffic would be:
Outside Host -> 6500 VLAN 1 -> FWSM -> 6500 VLAN 2 (PBR set ip next-hop IPS) -> IPS -> 6500 VLAN 3 -> Inside Host
So in this example physically the IPS would be cabled with 2 separate cables
(in/out) in 2 different vlans on the 6500.
Any reason that wouldn't work? Gives you the option to bypass the IPS by
simply not including it in the IPS PBR acl.
Ben
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Holemans Wim
Sent: Monday, 17 November 2008 7:01 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Virtual Routers
Is there a way to divide a 6500 into multiple 'Virtual Routers' with
different routing tables? I've read about VRF-Lite but it is always
mentioned in a VPN environment with remote and central devices. I need
to get some traffic into a FWSM on a 6500, out of the 6500 to an IPS and
back into the same 6500. Maybe PBR would do the trick but I'm still
looking for some good and clear info on virtual routing in a LAN
environment (if existing).
Thanks,
Wim Holemans
Netwerkdienst Universiteit Antwerpen
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
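The PBR arrangement described in the reply above, written out as an added IOS configuration example that is not part of the original thread. The VLAN 2 addressing, the IPS address 10.0.2.10, the inside prefix 10.0.3.0/24, the bypass host and the names IPS-PBR and VIA-IPS are all assumptions made for illustration.

```cisco
! Added illustration. Every name and address below is assumed, not from the thread:
!   Vlan2 SVI     = 6500 interface receiving traffic from the FWSM (10.0.2.1/24)
!   10.0.2.10     = IPS "in" interface, cabled into VLAN 2
!   10.0.3.0/24   = inside hosts reached through VLAN 3
!   10.0.3.50     = one inside host chosen to bypass the IPS
!
ip access-list extended IPS-PBR
 remark denied here means "not policy-routed": traffic follows the normal routing table
 deny   ip any host 10.0.3.50
 remark everything else headed to the inside hosts is steered through the IPS
 permit ip any 10.0.3.0 0.0.0.255
!
route-map VIA-IPS permit 10
 match ip address IPS-PBR
 set ip next-hop 10.0.2.10
!
interface Vlan2
 description Traffic arriving from the FWSM, PBR applied on ingress
 ip address 10.0.2.1 255.255.255.0
 ip policy route-map VIA-IPS
!
```

`show ip policy` and `show route-map VIA-IPS` confirm where the policy is applied and whether the ACL is matching traffic. Anything that does not match the permit entry is forwarded by the normal routing table and never reaches the IPS, so the ACL is what defines inspection coverage.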