I have a question about how I should setup NAT on our 6509's with relation to the FWSM and MSFC.
Is it better to NAT at the MSFC or FWSM? We do plan on having at least 1 DMZ in addition to the "inside" and "outside" networks if that helps.
If we put the NAT on the FWSM, then option 1 would have our FWSM connected directly to the ISP 2811 routers. We could also use Option 2 where the MSFC is connected directly to the ISP 2811 routers. This would require us to extend the public network down to the FWSM. That is why I have the virtual connection between the MSFC and FWSM in option 2 as "Network Unknown."
If we put NAT on the MSFC, then we could use option 2 where the MSFC is connected directly to the ISP 2811 routers. This would allow us to use a private network for the virtual link between the MSFC and FWSM.
I have read somewhere that, for security reasons, it is best to place the MSFC between the Internet and the FWSM. I am looking for any help or suggestions.
I always put NAT on the FWSM, as it is its job, MSFC will have limitations with NAT. I also always setup MSFC on both sides of the FWSM to gain flexibility. You would need to setup two VRFs, one called Internet and one called Internal. Put outside SVIs into Internet VRF and inside SVIs into Internal. This way you will have full control over routing, etc.
Wi-Fi 6 vs. 5G: Who is the winner? What’s the best one? Which one to choose?You may have heard these topics in many articles and conversations. But the fact is that if you choose one over the other, you may fail to provide your organization with the best ...
Whilst carrying out resilience testing to confirm igp/ebgp multipath is working, I have stumbled upon the below issue.The attached sketch crudely shows the topolgy of the network. 2 cores with a cross connect running ibgp, from each of the cores I have 1 ...
Learn how Cisco wireless assurance provides real-time and historical analytics for deep network visibility and simplified troubleshooting.
Learn how you can easily manage all of your connected devices and services and identify and solve issues before they...
I have a device connected to an access switch port. I would like to configure a net flow to gather the amount of traffic going via the interface. I will be sending all that data to SolarWinds. My question is how do I configure a netflow on WS-C6506. I tri...
Hello, We are working on a spare switch (with 12 fibre modules), which needs to be used as the failover switch in our company data centre. Cisco switch model : WS-C3750-12S(PowerPC405) Can you confirm the below : i. Does this switch su...