Re: VRFs with FWSM

From: karim jamali <karim.jamali_at_gmail.com>
Date: Fri, 5 Nov 2010 13:31:25 +0300

Hi David,

Thanks for your support. Any other method to do this without using FWSM
contexts?

Best Regards,

On Fri, Nov 5, 2010 at 7:46 AM, David Prall <dcp_at_dcptech.com> wrote:

> You've got the concept exactly as it should be.
>
>
> Server 1 --> VLAN1 --> FWSM Context 1 --> VLAN2 --> Int VLAN2 vrf cust1
>
> Server 2 --> VLAN3 --> FWSM Context 2 --> VLAN4 --> Int VLAN4 vrf cust2
>
> David
>
> --
> http://dcp.dcptech.com
>
>
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of karim jamali
> > Sent: Thursday, November 04, 2010 5:34 PM
> > To: Cisco certification
> > Subject: OT:VRFs with FWSM
> >
> > Dear Experts,
> >
> > I would like to enquire about a scenario I am facing, which is as follows:
> > - I have two core switches (6509) having FWSM modules and running in VSS
> >   mode on one side, which is in fact connecting the clients.
> > - I have another two core switches (6509) having FWSM modules/running in
> >   VSS where the servers are connected (applications, etc.).
> >
> > An internal MPLS cloud will be built and the goal is to be able to keep the
> > traffic of clients separate (using VRFs), i.e. every client has his own set
> > of servers/user subnets and those subnets will be put into a VRF. MBGP will
> > be run in order to share/isolate one customer's routes from another.
> >
> > Now the question that comes to my mind is that FWSM doesn't support VRFs,
> > thus I won't be able to terminate the VLANs on the FWSM for security
> > policies. If I terminate the VLANs on the FWSM, how will I be able to
> > achieve route isolation through VRF? The only solution I could think of is
> > to use multiple contexts on the FWSM (one per client), and every context's
> > outside interface will be pointing to an SVI which will be in a certain
> > VRF. However, I don't find this to be very practical.
> >
> > I am not an expert on MPLS/VRFs, but all I need is to be able to do an
> > isolation of routes into VRFs and use the security policies of FWSM at the
> > same time.
> >
> > Your help will be greatly appreciated.
> >
> > --
> > KJ
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

-- 
KJ
Received on Fri Nov 05 2010 - 13:31:25 ART
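
Added example, not part of the original thread: a configuration sketch of the context-per-customer layout in the quoted diagram (inside VLAN --> FWSM context --> outside VLAN --> SVI in the customer VRF). The VLAN IDs, addresses, RD/route-target values, FWSM slot number and config file names are constructed for illustration, and it assumes the FWSM is already in multiple context mode with an admin context defined.

```cisco
! ---- Catalyst 6500 supervisor (VSS) ----
ip vrf cust1
 rd 65000:1
 route-target both 65000:1
ip vrf cust2
 rd 65000:2
 route-target both 65000:2
!
vlan 101,102,201,202
!
! Hand all four VLANs to the FWSM (slot 4 of chassis 1 is an assumption).
! More than one SVI on firewall VLANs must be allowed explicitly.
firewall multiple-vlan-interfaces
firewall vlan-group 10 101,102,201,202
firewall switch 1 module 4 vlan-group 10
!
! SVIs exist only on the OUTSIDE VLANs, each in its customer VRF.
! Do not create SVIs for 101/201: an SVI on an inside VLAN would let
! the switch route server traffic around the firewall context.
interface Vlan102
 ip vrf forwarding cust1
 ip address 10.1.2.1 255.255.255.0
interface Vlan202
 ip vrf forwarding cust2
 ip address 10.2.2.1 255.255.255.0
!
! ---- FWSM, system execution space ----
context cust1
 allocate-interface vlan101
 allocate-interface vlan102
 config-url disk:/cust1.cfg
context cust2
 allocate-interface vlan201
 allocate-interface vlan202
 config-url disk:/cust2.cfg
!
! ---- FWSM, inside context cust1 (cust2 mirrors this on 201/202) ----
interface vlan101
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
interface vlan102
 nameif outside
 security-level 0
 ip address 10.1.2.2 255.255.255.0
! Default route points at the SVI that sits in vrf cust1
route outside 0.0.0.0 0.0.0.0 10.1.2.1
```

Because each context is allocated only its own pair of VLANs and each outside SVI belongs to a single VRF, a check of `show ip route vrf cust1` on the switch should list only customer 1 prefixes.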

This archive was generated by hypermail 2.2.0 : Sun Dec 05 2010 - 22:14:55 ART