alandean
Beginner

Setting Up 6500 Firewall Services Module

I know the PIX 5xx firewalls well enough, and although I've read through all the documentation on the FSM for the 6500, I still don't understand how it works.

I have 20+ VLANS with only 1 VLAN I need secured from the other 20 VLANs, but hosts on the 20+ user VLANS need to get to some various services on the Secure VLAN.

According to Documents I have to "set vlan 1-25 firewall-vlan 9" thus making all VLANS secured VLANS on the firewall! And that means that I cannot route VLANS on the MSFC because I get an error saying:

"15 are already defined and up on the MSFC. Cannot be secured".

So I'm thinking that to secure just 1 VLAN from all other VLANs, all my VLAN routing must go through the firewall because I cannot route the VLANs on the MSFC, which would negate the effectiveness of an MSFC.

Wouldn't I be better off with an external PIX device and keep my high-speed routing on the MSFC? Or am I missing something here?

1 ACCEPTED SOLUTION

Accepted Solutions
nkhawaja
Cisco Employee

Actually, you can secure all your VLANs from each other and let the routing happen on the FWSM as well. But if not, then just secure 2 VLANs (one inside and one outside).

All the routing from the secured VLAN to the outside world will happen through the outside interface.

Yes, in your case an external PIX is as good as using FWSM. Using FWSM is particularly beneficial if you have several VLANs to be secured.


2 REPLIES
davidmann
Beginner

Could you not use the DMZPUB?
