Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
3
Replies

idsm , fwsm

Go to solution
mirehteshamali
Level 1
Level 1

‎04-12-2011 10:51 PM - edited ‎03-11-2019 01:20 PM

Hi all

we have the following senario ,

cisco 6509 is connected to internet we need to secure our internal LAN segments .with IDSM and FWSM moudules.

internet ------>IDSM------>FWSM

plz suggest  some confiugration links for IDSM , FWSM  configuration

also suggest best practises we plan to keep IDSM IN proimiscouss mode.

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to mirehteshamali

‎04-13-2011 02:08 AM

Hi,

As for default username and password it's the same as anywehere - cisco.

Did you have a look at the documents I sent you? There an instruction on how to configure and how to get to those devices. You use the chassis or SSH/telnet/HTTPS directly once basic configuration is done.

FWSM has a physical console port but it's ON the blade (not on the front panel).

The console port doesn't have to be in uniform place accross different supervisors, it is always however labeled "console" (at least on blades from last 4-5 years) :-)

Marcin

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎04-12-2011 11:44 PM

Hi,

First of all please note that the design you're suggesting is not the best.

IDSM does more in-depth packet analsysis and thus has a lower performance cap (500Mbit/s as opposed to theoretical 5Mbit/s for FWSM). In real life what I would suggest to do is put the IDSM in promiscous mode for vlan(s) behind FWSM and not in front.

With IDSM in promiscous mode there is no interaction between the modules and they can be configured separately according to configuration guides and depending on versions.

For reference:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/fwsm_cfg.html

Marcin

0 Helpful

Go to solution
mirehteshamali
Level 1
Level 1
In response to Marcin Latosiewicz

‎04-13-2011 01:53 AM

Thanks for the reply

just wanted to know the following

what is default password for idsm2 and fwsm

i guess their  is no default password for fwsm

also let me know how do we log on tho IDSM  or fwsm ?

do the modules have seprate console ports ?

or do we need to first connect to 6500 and then issue session command to move to IDSM ? fwsm ?

further where is console port on 6500 loacsted on supervisor engine ?

thanks

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to mirehteshamali

‎04-13-2011 02:08 AM

Hi,

As for default username and password it's the same as anywehere - cisco.

Did you have a look at the documents I sent you? There an instruction on how to configure and how to get to those devices. You use the chassis or SSH/telnet/HTTPS directly once basic configuration is done.

FWSM has a physical console port but it's ON the blade (not on the front panel).

The console port doesn't have to be in uniform place accross different supervisors, it is always however labeled "console" (at least on blades from last 4-5 years) :-)

Marcin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card