FWSM and Vlans Question

Discussion in 'Cisco' started by osman arslaner, Sep 1, 2004.

  1. Hello,

    Currently I am testing FWSM 1.1(3) and have a question on vlans: I
    have defined an outside interface to communicate with the campus
    network and multiple vlans behind the FWSM for internal networks.
    How do these internal vlans communicate with each other? Do they go
    through the outside interface or do I have to use the static IP
    mapping? Also, how do security levels affect this? Can a vlan with
    higher security level access another vlan with a lower security level
    by default or do I still need to have access-lists?

    Any help will be appreciated...


    osman arslaner, Sep 1, 2004

  2. Rik Bain Guest

    Once your vlans have been specified, they communicate with each other via
    the defined interfaces. This is pretty much the same as PIX, insofar as
    NAT is still required.

    As far as access-lists are concerned, the FWSM requires an access-list on
    all interfaces (independent of security level) to pass traffic. The
    default behavior is to deny all traffic entering an interface.

    As for same security level interface communication, this is configurable
    as of 2.2(1).

    Rik Bain
    Rik Bain, Sep 1, 2004
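
A simplified model of the checks described in the reply above, as an added example that is not part of the original thread and is not FWSM configuration. The interface names, addresses and the `flow_allowed` helper are constructed for illustration, and a translation is reduced to "one exists for this interface pair".

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Interface:
    name: str                 # nameif-style label (constructed)
    security: int             # 0-100
    acl: list = field(default_factory=list)  # ordered (action, src_net, dst_net)

def acl_permits(iface, src, dst):
    """First match wins; no ACL or no matching entry means deny."""
    for action, src_net, dst_net in iface.acl:
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return action == "permit"
    return False

def flow_allowed(ingress, egress, src, dst, translations, same_security=False):
    """Return (allowed, reason) for a new connection entering `ingress`."""
    # Same-level traffic is only possible when explicitly enabled (2.2(1) onward per the reply).
    if ingress.security == egress.security and not same_security:
        return False, "same security level, not enabled"
    # An ACL is needed on every interface, whatever its security level.
    if not acl_permits(ingress, src, dst):
        return False, "denied by ACL on " + ingress.name
    # Assumption: NAT requirement modelled as a translation existing for the pair.
    if frozenset((ingress.name, egress.name)) not in translations:
        return False, "no translation between interfaces"
    return True, "permitted"

def demo():
    # Constructed sample topology: three internal vlans behind the firewall.
    inside = Interface("inside", 100)            # no ACL applied yet
    dmz = Interface("dmz", 50)
    lab = Interface("lab", 50, [("permit", "10.3.0.0/24", "10.2.0.0/24")])
    xlate = {frozenset(("inside", "dmz")), frozenset(("lab", "dmz"))}
    results = [flow_allowed(inside, dmz, "10.1.0.5", "10.2.0.9", xlate)]
    inside.acl.append(("permit", "10.1.0.0/24", "10.2.0.0/24"))
    results.append(flow_allowed(inside, dmz, "10.1.0.5", "10.2.0.9", xlate))
    results.append(flow_allowed(inside, dmz, "10.1.0.5", "10.2.0.9", set()))
    results.append(flow_allowed(lab, dmz, "10.3.0.7", "10.2.0.9", xlate))
    results.append(flow_allowed(lab, dmz, "10.3.0.7", "10.2.0.9", xlate, same_security=True))
    return results

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The first result shows the point that differs from what the question assumes: the higher-security interface is still denied until an access-list is applied to it.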