11-22-2006 02:02 PM - edited 03-11-2019 01:59 AM
A client of mine purchased 2 FWSM modules for a 6509 a few years ago. They have never been used but are installed. I think I know the answer to this question, but I'll ask to be sure.
Does the PIX OS (FWSM) support secondary addresses on it's interfaces? if so how many?
I suspect no, but I need to be sure before I tell this person that they need to reorg their entire network.
They have 5 secondary address on the same VLAN. They are using it like a router on a stick, but with no VLANS.
Thanks,
Phil
Solved! Go to Solution.
11-22-2006 02:18 PM
Hello,
You are correct. The pix/FWSM/ASA support vlan interfaces and subinterfaces (the term for vlan interfaces in later code versions), but do not support multinetting/secondary IP addresses like IOS does.
--Jason
Please rate this message if it solves some or all of your issue.
11-22-2006 02:18 PM
Hello,
You are correct. The pix/FWSM/ASA support vlan interfaces and subinterfaces (the term for vlan interfaces in later code versions), but do not support multinetting/secondary IP addresses like IOS does.
--Jason
Please rate this message if it solves some or all of your issue.
11-22-2006 07:11 PM
Thanks.
Would this type of thing be supported if I was running the firewall in transparent mode?
Thanks,
Phil
11-22-2006 07:19 PM
Let me explain further. I will preface this with the fact that I know that the network needs to redesigned. This is not my animal, I have just walked into a disaster. Re-design is not possible at this point, but some secutity is needed.
The network is composed of 2 X 6509's that are connected together, as well as cross connected to 2 X 4006's. The 6509's run VLAN2 with 5 secondary addresses on the vlan interface. The 4006's run VLAN3 that also have multiple secondary addresses. I need to be able to secure the traffic that flows between VLAN2 and VLAN3.
I figure that if I run the FWSM in transparent mode I can configure the port to the 4006's as 1 side of the transparent interface and another port in VLAN2 as the other interface.
Thoughts? (Network engineers should know better than to do something like what has been done to this company!!!!)
11-22-2006 03:04 PM
If your client bought it 'few years' ago, then I think you really need to check the version loaded into it. It might not suppor new features available in current/latest FWSM now.
It may run on older version, FWSM Version 1.x(x).
Newer FWSM version FWSM 3.x (slighty older FWSM 2.x) has licensed features, i.e virtual-firewall.
You might need to check that before making a move:
http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/index.html
HTH
AK
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: