cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

879
Views
0
Helpful
3
Replies
Highlighted
Beginner

FWSM bridge-group between two VRF interfaces

Hello,

I created two IP L3 interfaces (SVI’s) in a Cat6500 MSFC, each one in the same IP subnet, but in different VRF each.

Can I configure a FWSM bridge-group in transparent mode, so that the FWSM performs L2 inspection between these two MSFC SVI interfaces?

It is not clear to me in the sample configurations.

Kind regards.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Cisco Employee

Re: FWSM bridge-group between two VRF interfaces

Unfortunately VRF lite is not supported with transparent FWSM.

I hope it helps.

PK

View solution in original post

Highlighted
Cisco Employee

Re: FWSM bridge-group between two VRF interfaces

Yes, that can be done. The FWSM will only know about the SVIs and the MSFC is going to be responsible for VRF routing. So, it is do-able.

PK

View solution in original post

3 REPLIES 3
Highlighted
Cisco Employee

Re: FWSM bridge-group between two VRF interfaces

Unfortunately VRF lite is not supported with transparent FWSM.

I hope it helps.

PK

View solution in original post

Highlighted
Beginner

Re: FWSM bridge-group between two VRF interfaces

Thank you for your answer.

In such case, can i deploy the FWSM in routed mode between vlans with MSFC SVI interfaces assigned to different VRFs?

For instance, can i assign the FWSM outside interface to a vlan in which there is also an MSFC SVI assigned to the VRF A, and the FWSM inside interface to another vlan in which there is another MSFC SVI assigned to VRF B?  Performing routing + inspection between them?

Kind regards.

Highlighted
Cisco Employee

Re: FWSM bridge-group between two VRF interfaces

Yes, that can be done. The FWSM will only know about the SVIs and the MSFC is going to be responsible for VRF routing. So, it is do-able.

PK

View solution in original post