Fault-Tolerant Csm Firewall Configurations - Cisco catalyst 6500 series Configuration Note

Understanding How Firewalls Work
Figure 11-4 Mixed Firewall Configuration for Stealth and Regular Firewalls (Dual CSMs Only)
Internet
Catalyst 6500
CSM-A
VLAN 100
IP address
100.0.0.2
100.0.0.3
IP address
25.0.11.20
Alias
IP address
10.5.0.100
Alias
IP address
10.6.0.100
Alias
IP address
10.7.0.100

Fault-Tolerant CSM Firewall Configurations

The CSM supports fault tolerance for these configurations:
•
•
•
•
In Figure
shows the flow from the Internet to the intranet through the primary CSMs, and VLANs 11 and 111 are
on the same subnet. VLANs 12 and 112 are on the same subnet.
Catalyst 6500 Series Content Switching Module Configuration Note
11-6
Regular Firewalls
IP address
25.0.11.50
VLAN 111
IP address
25.0.11.2
25.0.11.51
IP address
25.0.11.52
Stealth Firewalls
VLAN 2
10.5.0.2
VLAN 3
10.6.0.2
VLAN 4
10.7.0.2
Stealth firewalls in a fault-tolerant dual CSM configuration
Regular firewalls in a fault-tolerant dual CSM configuration
Regular firewalls in a fault-tolerant single CSM configuration
Mixed firewalls (stealth and regular) in a fault-tolerant dual CSM configuration
11-5, the traffic moves through the firewalls and is filtered in both directions. The figure only
Catalyst 6500
CSM-A
IP address
25.0.12.50
VLAN 112
IP address
25.0.12.2
25.0.12.51
IP address
25.0.12.52
IP address
VLAN 5
10.5.0.200
10.5.1.2
IP address
VLAN 6
10.6.0.200
10.6.1.2
IP address
VLAN 7
10.7.0.200
10.7.1.2
Chapter 11 Configuring Firewall Load Balancing
Intranet-A
200.20.0.1
IP address
200.20.0.10
Router
IP address
200.0.0.4
VLAN 200
IP address
200.0.0.2
200.0.0.3
IP address
25.0.12.20
Alias
IP address VLAN 200
201.0.0.3 201.0.0.2
Alias
IP address
201.0.0.4
Router
Alias
IP address
201.20.0.10
Intranet-B
201.20.0.1
OL-4612-01