Cisco catalyst 6500 series Configuration Note page 132

Understanding How Firewalls Work
Figure 11-1 Stealth Firewall Configuration (Dual CSMs Only)
VLAN 100
100.0.0.2
In Figure
the flow from the Internet to the intranet. VLANs 11 and 111 are on the same subnet, and
VLANs 12 and 112 are on the same subnet.
Figure 11-2 Regular Firewall Configuration (Dual CSMs)
Internet
Catalyst 6500
CSM-A
IP address
25.0.11.20
VLAN 11
IP address
25.0.11.10
25.0.11.20
In Figure
only the flow from the Internet to the intranet, and VLANs 11 and 111 are on the same subnet.
VLANs 12 and 112 are on the same subnet.
Catalyst 6500 Series Content Switching Module Configuration Note
11-4
Internet
Catalyst 6500
CSM-A
VLAN 5
Alias
10.5.0.2
IP address
10.5.0.100
IP address
100.0.0.3
Alias
VLAN 6
IP address
10.6.0.2
10.6.0.100
Alias
VLAN 7
IP address
10.7.0.2
10.7.0.100
11-2, traffic moves through the firewalls and is filtered in both directions. The figure shows
IP address
25.0.11.50
VLAN 111
IP address
25.0.11.10
25.0.11.51
IP address
25.0.11.52
Firewalls
11-3, traffic moves through the firewalls and is filtered in both directions. The figure shows
Chapter 11
Catalyst 6500
Firewalls
VLAN 15
Alias
10.5.0.3
IP address
10.5.0.200
IP address
Alias
VLAN 16
IP address
10.6.0.3
10.6.0.200
Alias
VLAN 17
IP address
10.7.0.3
10.7.0.200
IP address
25.0.12.50
VLAN 112 IP address
IP address
25.0.12.10 25.0.12.20
25.0.12.51
IP address
25.0.12.52
Configuring Firewall Load Balancing
CSM-B
VLAN 200
200.0.0.2
200.0.0.3
IP address
200.0.0.4
Router
IP address
200.20.0.10
Intranet
Catalyst 6500
CSM-B
VLAN 200
IP address
25.0.12.10
25.0.12.20
IP address
25.0.12.1
Router
IP address
25.0.21.1
Intranet
OL-4612-01