IDSM-2/FWSM

Rodrigo Gurriti
Level 3

Hello,

I have a question on the IDSM-2/FWSM:

How can I inspect inline the FWSM outside/dmz interfaces?


I followed this doc: http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1068377

I understand that I'm bridging the L2 with the L3 VLANs, but on the FWSM how would that work?

I have 2 L2 vlans:

  • Vlan 20 the outside with my ISP router on the segment.
  • Vlan 60 the DMZ with a couple servers.

My FWSM config:

firewall multiple-vlan-interfaces
firewall module 1 vlan-group 10
firewall vlan-group 10 20,50,60,100
!
interface Vlan20
 no ip address
 shutdown
!
interface Vlan60
 no ip address
 shutdown

1 Reply

Parminder Sian
Level 1

Hi Rodrigo,

First off, IDSM and FWSM are two different devices. If you want to inspect inline traffic, be it actual interfaces or VLANs, you need an IPS/IDSM, not FWSM.

In your case, you have IDSM, and the following configuration should do the trick:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1067639

Hope this helps,

Sian
