04-12-2011 10:51 PM - edited 03-11-2019 01:20 PM
Hi all
We have the following scenario:
A Cisco 6509 is connected to the internet and we need to secure our internal LAN segments with IDSM and FWSM modules.
internet ------>IDSM------>FWSM
Please suggest some configuration links for IDSM and FWSM configuration.
Also suggest best practices; we plan to keep the IDSM in promiscuous mode.
thanks
04-12-2011 11:44 PM
Hi,
First of all please note that the design you're suggesting is not the best.
IDSM does more in-depth packet analysis and thus has a lower performance cap (500Mbit/s as opposed to theoretical 5Mbit/s for FWSM). In real life what I would suggest to do is put the IDSM in promiscuous mode for VLAN(s) behind FWSM and not in front.
With IDSM in promiscuous mode there is no interaction between the modules and they can be configured separately according to configuration guides and depending on versions.
For reference:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html
http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/fwsm_cfg.html
Marcin
04-13-2011 01:53 AM
Thanks for the reply
Just wanted to know the following:
What is the default password for IDSM2 and FWSM?
I guess there is no default password for FWSM.
Also let me know how we log on to the IDSM or FWSM.
Do the modules have separate console ports?
Or do we need to first connect to the 6500 and then issue the session command to move to the IDSM or FWSM?
Further, where is the console port on the 6500 located on the supervisor engine?
thanks
04-13-2011 02:08 AM
Hi,
As for default username and password, it's the same as anywhere - cisco.
Did you have a look at the documents I sent you? There is an instruction on how to configure and how to get to those devices. You use the chassis or SSH/telnet/HTTPS directly once basic configuration is done.
FWSM has a physical console port but it's ON the blade (not on the front panel).
The console port doesn't have to be in a uniform place across different supervisors; it is always, however, labeled "console" (at least on blades from the last 4-5 years) :-)
Marcin