Table Of Contents

Service Module Setup Wizards

Which Wizard Should I Use?

Using the Firewall-Inside Setup Wizard

Selecting a Service Module

Configuring the Core Network Connection

Configuring the MSFC-Firewall VLAN

Configuring the Inside Network Connection

Summary

Delivering the Configuration to the Switch/Module

Using the Firewall-Outside Setup Wizard

Selecting a Service Module

Configuring the Internet Connection

Configuring the Firewall-MSFC VLAN

Configuring the Inside Network Connection

Configuring the Core Network Connection

Summary

Delivering the Configuration to the Switch/Module

Using the Firewall-Inside and CSM Setup Wizard

Selecting a Service Module

Configuring the Core Network Connection

Configuring the MSFC-Firewall VLAN

Configuring the Firewall-CSM VLAN

Configuring the Server Farm Connection

Summary

Delivering the Configuration to the Switch/Module

Using the Firewall-Outside and CSM Setup Wizard

Selecting a Service Module

Configuring the Internet Connection

Configuring the Firewall-MSFC VLAN

Configuring the Firewall-CSM VLAN

Configuring the Server Farm Connection

Configuring the Core Network Connection

Summary

Delivering the Configuration to the Switch/Module

Using the VPN-Outside Setup Wizard

Selecting a Service Module

Configuring the Remote Site Connection

Configuring the VPN-MSFC VLAN

Configuring the MSFC-Firewall VLAN

Configuring the Inside Network Connection

Summary

Delivering the Configuration to the Switch/Module

Using the VPN-Firewall Setup Wizard

Selecting a Service Module

Configuring the Remote Site Connection

Configuring the VPN-MSFC VLAN

Configuring the Internet Connection

Configuring the Firewall-MSFC VLAN

Configuring the Core Network Connection

Summary

Delivering the Configuration to the Switch/Module

Using the MSFC-CSM Setup Wizard

Selecting a Service Module

Configuring the Core Network Connection

Configuring the MSFC-CSM VLAN

Configuring the Server Farm Connection

Summary

Delivering the Configuration to the Switch/Module

Service Module Setup Wizards

---

CVDM-C6500 provides seven wizards that simplify the process of service module setup. Each wizard is tailored for one of the various scenarios that network administrators face when setting up service modules.

This section contains the following topics:

•Which Wizard Should I Use?

•Firewall-Inside Scenario

•Firewall-Outside Scenario

•Firewall-Inside and CSM Scenario

•Firewall-Outside and CSM Scenario

•VPN-Outside Scenario

•VPN-Firewall Scenario

•MSFC-CSM Scenario

If none of these scenarios is applicable, CVDM-C6500 also provides a custom setup page from which you can establish VLAN connectivity between modules. See the "Custom Scenario" section for more information.

Which Wizard Should I Use?

After reading the following descriptions, determine which wizard best suits your application and refer to the information for that wizard.

Firewall-Inside Scenario

This scenario is typically used in the intranet data center. Placing the MSFC outside the Cisco Catalyst 6500 Series Firewall Services Module (FWSM) makes it possible for the MSFC to perform routing toward the core. The FWSM provides routing to the border routers and the demilitarized zone (DMZ).

Before you launch the Firewall-Inside setup wizard, you must first enter the credentials for the firewall module. To do so, select Edit > Credentials and then enter the appropriate information.

To access this wizard, click Services at the top of the window, click Setup from the left-most pane, select Firewall-Inside from the list of setup templates, and click Launch Setup Wizard. See the "Using the Firewall-Inside Setup Wizard" section for more information.

Firewall-Outside Scenario

This scenario is typically used in the Internet data center. Placing the Catalyst 6500 Series Firewall Services Module (FWSM) outside the MSFC allows the MSFC to face the core.

Before you launch the Firewall-Outside setup wizard, you must first enter the credentials for the firewall module. To do so, select Edit > Credentials and then enter the appropriate information.

To access this wizard, click Services at the top of the window, click Setup from the left-most pane, select Firewall-Outside from the list of setup templates, and click Launch Setup Wizard. See the "Using the Firewall-Outside Setup Wizard" section for more information.

Firewall-Inside and CSM Scenario

This scenario is typically used in the intranet data center. Placing the MSFC outside the Cisco Catalyst 6500 Series Firewall Services Module (FWSM) means that the MSFC faces the core. In this design, the default gateway for the servers is either the FWSM or the Content Switching Module (CSM).

Before you launch the Firewall-Inside and CSM setup wizard, you must first enter the credentials for the firewall module. To do so, select Edit > Credentials and then enter the appropriate information.

To access this wizard, click Services at the top of the window, click Setup from the left-most pane, select Firewall-Inside_CSM from the list of setup templates, and click Launch Setup Wizard. See the "Using the Firewall-Inside and CSM Setup Wizard" section for more information.

Firewall-Outside and CSM Scenario

This scenario is typically used in the Internet data center. Placing the Cisco Catalyst 6500 Series Firewall Services Module (FWSM) outside the MSFC means that the MSFC performs routing toward the core. The FWSM performs routing toward the border routers and the demilitarized zone (DMZ).

Before you launch the Firewall-Outside and CSM setup wizard, you must first enter the credentials for the firewall module. To do so, select Edit > Credentials and then enter the appropriate information.

To access this wizard, click Services at the top of the window, click Setup from the left-most pane, select Firewall-Outside_CSM from the list of setup templates, and click Launch Setup Wizard. See the "Using the Firewall-Outside and CSM Setup Wizard" section for more information.

VPN-Outside Scenario

This scenario is used when the Cisco 7600/Catalyst 6500 IPSec VPN Services Module (VPNSM) serves as the headend VPN termination platform for either remote access or enterprise customers. The VPN and Firewall Services Modules protect the internal and demilitarized zone (DMZ) networks.

To access the VPN-Outside setup wizard, click Services at the top of the window, click Setup from the left-most pane, select VPN-Outside from the list of setup templates, and click Launch Setup Wizard. See the "Using the VPN-Outside Setup Wizard" section for more information.

VPN-Firewall Scenario

This scenario is typically used to terminate secure connections from remote offices and telecommuters while providing the firewall function to external users accessing an Internet server farm. The Cisco Catalyst 6500 Series Firewall Services Module (FWSM) is used to apply firewall policies to untrusted clients while the Cisco 7600/Catalyst 6500 IPSec VPN Services Module provides secure access to the internal network.

Before you launch the VPN-Firewall setup wizard, you must first enter the credentials for the firewall module. To do so, select Edit > Credentials and then enter the appropriate information.

To access this wizard, click Services at the top of the window, click Setup from the left-most pane, select VPN-Firewall from the list of setup templates, and click Launch Setup Wizard. See the "Using the VPN-Firewall Setup Wizard" section for more information.

MSFC-CSM Scenario

This scenario configures connectivity between the MSFC and Content Switching Module (CSM). The CSM provides load-balancing services for the server farm.

To access the MSFC-CSM setup wizard, click Services at the top of the window, click Setup from the left-most pane, select MSFC-CSM from the list of setup templates, and click Launch Setup Wizard. See the "Using the MSFC-CSM Setup Wizard" section for more information.

Custom Scenario

If none of the seven setup wizards suits your application, you can establish VLAN connectivity between modules on the Custom setup page (see Figure 7-1).

Figure 7-1 Custom Setup Page

---

Step 1 Click Services at the top of the window, click Setup from the left-most pane, and select Custom from the list of setup templates. The Custom setup page appears.

Step 2 Click to enable the line drawing tool.

Step 3 With the cursor over a module icon, click and drag the cursor over to the icon of the module you want to connect with. The Add VLAN Connection dialog box appears.

Step 4 Configure the appropriate settings in the Add VLAN Connection dialog box and then click OK. See the "VLAN Connection Parameters" section for more information.

---

The following table describes the toolbar found on this page.

GUI Element	Action
	After configuring a VLAN, click to enter module selection mode. You can now select a module icon and move it anywhere in the view.
	Click to enter VLAN creation mode.
	Click to zoom in on the current view.
	Click to zoom out of the current view.
	Click to print the current view.

Note the following when using the Custom setup page:

•A VLAN connection between the following modules is invalid:

–SSL Services Module and VPN

–FWSM and SSL Services Module

–CSM and VPN

–FWSM and VPN

•Only a FWSM-to-FWSM connection is supported for sandwich configuration.

•You can right-click a VLAN to either edit or delete it.

Using the Firewall-Inside Setup Wizard

The wizard consists of three steps:

1. (Optional) Configure the connection to the core network.

2. Configure a VLAN to transfer data between the MSFC and firewall.

3. (Optional) Assign switch ports to the VLAN associated with the firewall's inside network.

Step 2 is the only mandatory step in the wizard. However, to enable the pinging of traffic from the core network to the inside network, you must complete all of the steps.

---

Note If a VLAN is already configured between the service modules affected by this wizard, certain wizard fields will be populated with the parameters set for this VLAN.

---

Selecting a Service Module

After you launch the setup wizard, CVDM-C6500 checks for the presence of two or more modules of the same type on your device. If multiple instances of the same module type are found, then the Service Blade Selection page appears. For every module type that has more than one instance installed, select from the list the module that you want the wizard to configure.

Click Next to proceed to the next page of the setup wizard.

Configuring the Core Network Connection

To configure the connection to the core network, enter the information specified in Table 7-1.

---

Note This step is optional. To proceed to the next page of the wizard, click Next.

---

Table 7-1 Core Network Connection Configuration: GUI Reference 

GUI Element	Action
Connection Mode radio button	Select the appropriate port connection mode in this field. By default, Routed mode is selected.
Ports Selector	Select the ports you want to add to the VLAN configured on this page of the wizard. See the "Port Selector" section for more information.
Configure VLAN for Selected Ports pane1
VLAN list	Specify the VLAN to which the selected ports belong. Click and then select one of the following: •Select VLAN: opens the VLAN Selector dialog box. See the "VLAN Selector" section for more information. •Create VLAN: opens the Create VLAN dialog box. See the "Create VLAN Dialog Box" section for more information. •Clear VLAN: clears the VLAN that is specified in this field.
SVI on MSFC pane1
IP Address field	Enter the IP address of the Switched Virtual Interface (SVI).
Mask list	Enter the subnet mask that corresponds to the SVI's IP address. You can either type a value or select a value from the list.

1 Available only in Access and Trunk port connection modes.

Routed Port Details

This dialog box appears anytime you add a port that does not have an IP address and subnet mask specified to the Selected Ports column.

Table 7-2 Routed Port Details: GUI Reference

GUI Element	Action/Description
Port Name field	Name of the selected port.
IP Address field	Enter the IP address of the port you want to add to the Selected Ports column.
Net Mask list	Enter the subnet mask to which the port's IP address belongs. You can either type a value or select a value from the list.

Configuring the MSFC-Firewall VLAN

To configure the VLAN connection between the MSFC and firewall modules, enter the information specified in Table 7-3.

Table 7-3 MSFC-Firewall VLAN Configuration: GUI Reference 

GUI Element	Action/Description
VLAN Connecting MSFC and Firewall list	Specify the VLAN that connects the MSFC and firewall modules. Click and then select one of the following: •Select VLAN: opens the VLAN Selector dialog box. See the "VLAN Selector" section for more information. •Create VLAN: opens the Create VLAN dialog box. See the "Create VLAN Dialog Box" section for more information. •Clear VLAN: clears the VLAN that is specified in this field.
MSFC: Slot X pane
Interface field	Enter the name for this interface.
IP Address field1	Enter the IP address of the VLAN on this interface.
Mask list	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.
Firewall: Slot X pane
Context list	Enter the context associated with this interface. Click and then select one of the following: •Select Context: opens the Select Firewall Context dialog box. See the "Select Firewall Context" section for more information. •Create Context: opens the Create Firewall Context dialog box. See the "Create Firewall Context" section for more information. Note the following: •This field is displayed only when Multiple Mode is active for the firewall module. •New contexts can be created only after the Admin context has first been created. For more information, see the "Security Context Overview" section.
Interface field	Enter a name for this interface, making sure that it is not the name of an interface that is already configured on this device.
IP Address field1	Enter the IP address of the VLAN on this interface.
Mask list	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.
Security Level field	Indicates the security level set for the interface. Higher values indicate higher security levels. •The value 100 indicates that this is an inside interface. •The value 0 indicates that this in an outside interface.
VLAN Group field	Indicates the VLAN group associated with the selected VLAN. Click to open the Select VLAN Group window.
Gateway pane
Use MSFC as Default Gateway radio button	Select to set the MSFC as the default gateway. To specify a module other than the MSFC as the default gateway, select the Gateway radio button.
Gateway radio button	Select and then enter the IP address of the default gateway.

1 Make sure that these IP addresses belong to the same subnet mask.

Select VLAN Group

This dialog box lists the VLAN groups that are configured on the device, as well as the VLANs associated with each group.

Table 7-4 Select VLAN Group: GUI Reference

GUI Element	Description
VLAN Group column	Indicates the numerical identifier assigned to a VLAN group.
VLANs column	Indicates the VLANs that belong to a particular VLAN group.
Assigned column	When checked, indicates that this VLAN group is assigned to the firewall.

Select Firewall Context

This dialog box lists the contexts that are configured on the module. Select a context and then click OK to proceed.

Table 7-5 Select Firewall Context: GUI Reference

GUI Element	Description
Context column	Indicates the name of a context.
Description column	Provides the description of a context.
Config URL column	Indicates the configuration URL for a context.

Create Firewall Context

In this dialog box, you can create a firewall context on a module. Enter the information specified in Table 7-6 and then click OK to proceed.

Table 7-6 Create Firewall Context: GUI Reference

GUI Element	Action
Name field	Enter the name of the context.
Description field	Enter a description of the context.
Config URL field	Enter the configuration URL for the context. You can download a context from either a server (FTP, TFTP, HTTP, or HTTPS) or the local disk. The URL syntax for each is as follows: •server type://server/path/filename •disk://path/filename where server type is the type of server, server is the IP address of the appropriate server, path is the directory that contains the context file, and filename is the name of the context file. Please note the following: •The URL you specify must be accessible from the Admin context. •The Admin context file must be stored on the local disk. •It is recommended that you append the context filename with the .cfg extension.

Configuring the Inside Network Connection

To configure the connection to the inside network, enter the information specified in Table 7-7.

---

Note This step is optional. To proceed to the next page of the wizard, click Next.

---

Table 7-7 Inside Network Connection Configuration: GUI Reference 

GUI Element	Action/Description
Connection Mode radio button	Select the appropriate port connection mode.
Ports Selector	Select the ports you want to add to the VLAN configured on this page of the wizard. See the "Port Selector" section for more information.
Configure VLAN for Selected Ports pane
VLAN list	Specify the VLAN to which the selected ports belong. Click and then select one of the following: •Select VLAN: opens the VLAN Selector dialog box. See the "VLAN Selector" section for more information. •Create VLAN: opens the Create VLAN dialog box. See the "Create VLAN Dialog Box" section for more information. •Clear VLAN: clears the VLAN that is specified in this field.
Firewall Interface pane
Context field	Name of the selected context.
Interface field	Enter a name for this interface.
IP Address field	Enter the IP address of the VLAN on this interface.
Mask list	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.
Security Level (0-100) field	Indicates the security level set for the interface. Higher values indicate higher security levels. •The value 100 indicates that this is an inside interface. •The value 0 indicates that this in an outside interface.
VLAN Group list	Specify the VLAN group associated with the selected VLAN. Click to open the Select VLAN Group window.
Permit ping traffic from core to inside network check box	Check to enable the pinging of traffic from the core network to the inside network.

Summary

From this page, you can view a summary of the settings entered for the service modules configured by this wizard. You have the option of delivering the corresponding CLI commands to the device by clicking Finish. To enable this option:

---

Step 1 Select Edit > Preferences.... The Preferences dialog box appears.

Step 2 Select the Show CLI Preview for Wizards check box.

---

For more information on this option, see the "Editing Preferences" section.

Delivering the Configuration to the Switch/Module

From this page, you can view the CLI commands (which reflect the settings entered in this wizard) that will be delivered to the device. There could be some undelivered CLI commands from the last time this wizard was used. In this case, you will be informed that the CLI commands displayed in this window are a combination of commands generated by the wizard and commands generated in another session.

After completing the wizard, the graphical view is updated to display the newly configured VLANs. You can now configure new VLANs directly from this view. See the "Custom Scenario" section for a description of the corresponding toolbar.

Table 7-8 Configuration Delivery: GUI Reference

GUI Element	Action
Deliver button	Click to send the CLI commands generated by this wizard immediately.
Deliver Later button	Click to send the CLI commands generated by this wizard at a later time.
Save to File button	Click to save the CLI commands generated by this wizard as a text file.

Using the Firewall-Outside Setup Wizard

The wizard consists of four steps:

1. (Optional) Configure the connection to the Internet.

2. Assign a VLAN to transfer data between the firewall and the MSFC.

3. (Optional) Assign switch ports to the VLAN associated with the firewall's inside network.

4. (Optional) Assign switch ports to the VLAN associated with the core network.

Step 2 is the only mandatory step in the wizard.

---

Note If a VLAN is already configured between the service modules affected by this wizard, certain wizard fields will be populated with the parameters set for this VLAN.

---

Selecting a Service Module

See the "Selecting a Service Module" section.

Configuring the Internet Connection

To configure the connection to the Internet, enter the information specified in Table 7-9.

---

Note This step is optional. To proceed to the next page of the wizard, click Next.

---

Table 7-9 Internet Connection Configuration: GUI Reference 

GUI Element	Action/Description
Connection Mode radio button	Select the appropriate port connection mode.
Ports Selector	Select the ports you want to add to the VLAN configured on this page of the wizard. See the "Port Selector" section for more information.
Configure VLAN for Selected Ports pane
VLAN list	Specify the VLAN to which the selected ports belong. Click and then select one of the following: •Select VLAN: opens the VLAN Selector dialog box. See the "VLAN Selector" section for more information. •Create VLAN: opens the Create VLAN dialog box. See the "Create VLAN Dialog Box" section for more information. •Clear VLAN: clears the VLAN that is specified in this field.
Firewall Interface pane
Context list	Enter the context associated with this interface. Click and then select one of the following: •Select Context: opens the Select Firewall Context dialog box. See the "Select Firewall Context" section for more information. •Create Context: opens the Create Firewall Context dialog box. See the "Create Firewall Context" section for more information. Note the following: •This field is displayed only when Multiple Mode is active. •New contexts can be created only after the Admin context has first been created. For more information, see the "Security Context Overview" section.
Interface field	Enter a name for this interface.
IP Address field	Enter the IP address of the VLAN on this interface.
Mask list	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.
Security Level field	Indicates the security level set for the interface. Higher values indicate higher security levels. •The value 100 indicates that this is an inside interface. •The value 0 indicates that this in an outside interface.
VLAN Group list	Specify the VLAN group associated with the selected VLAN. Click to open the Select VLAN Group window.

Configuring the Firewall-MSFC VLAN

To configure the VLAN connection between the firewall and MSFC modules, enter the information specified in Table 7-10.

Table 7-10 Firewall/MSFC VLAN Configuration: GUI Reference 

GUI Element	Action/Description
VLAN Connecting Firewall and MSFC list	Specify the VLAN that connects the firewall and MSFC modules. Click and then select one of the following: •Select VLAN: opens the VLAN Selector dialog box. See the "VLAN Selector" section for more information. •Create VLAN: opens the Create VLAN dialog box. See the "Create VLAN Dialog Box" section for more information. •Clear VLAN: clears the VLAN that is specified in this field.
Firewall: Slot X pane
Context list	Enter the context associated with this interface. Click and then select one of the following: •Select Context: opens the Select Firewall Context dialog box. See the "Select Firewall Context" section for more information. •Create Context: opens the Create Firewall Context dialog box. See the "Create Firewall Context" section for more information. Note the following: •This field is displayed only when Multiple Mode is active. •New contexts can be created only after the Admin context has first been created. For more information, see the "Security Context Overview" section.
Interface field	Enter a name for this interface, making sure that it is not the name of an interface that is already configured on the device.
IP Address field1	Enter the IP address of the VLAN on this interface.
Mask list	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.
Security Level (0-100) field	Indicates the security level set for the interface. Higher values indicate higher security levels. •The value 100 indicates that this is an inside interface. •The value 0 indicates that this in an outside interface.
VLAN Group list	Specify the VLAN group associated with the selected VLAN. Click to open the Select VLAN Group window.
MSFC: Slot X pane
Interface field	Enter the name for this interface.
IP Address field1	Enter the IP address of the VLAN on this interface.
Mask list	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.

1 Make sure that these IP addresses belong to the same subnet mask.

Configuring the Inside Network Connection

See the "Configuring the Inside Network Connection" section.

Configuring the Core Network Connection

To configure the connection to the core network, enter the information specified in Table 7-11.

---

Note This step is optional. To proceed to the next page of the wizard, click Next.

---

Table 7-11 Core Network Connection Configuration: GUI Reference 

GUI Element	Action
Connection Mode radio button	Select the appropriate port connection mode in this field.
Ports Selector	Select the ports you want to add to the VLAN specified in the VLAN field. See the "Port Selector" section for more information.
Configure VLAN for Selected Ports pane
VLAN list	Specify the VLAN to which the selected ports belong. Click and then select one of the following: •Select VLAN: opens the VLAN Selector dialog box. See the "VLAN Selector" section for more information. •Create VLAN: opens the Create VLAN dialog box. See the "Create VLAN Dialog Box" section for more information. •Clear VLAN: clears the VLAN that is specified in this field.
SVI on MSFC pane
IP Address field	Enter the IP address of the Switched Virtual Interface (SVI).
Mask list	Enter the subnet mask that corresponds to the SVI's IP address. You can either type a value or select a value from the list.

Summary

See the "Summary" section.

Delivering the Configuration to the Switch/Module

See the "Delivering the Configuration to the Switch/Module" section.

Using the Firewall-Inside and CSM Setup Wizard

The wizard consists of four steps:

1. (Optional) Configure the connection to the core network.

2. Assign a VLAN to transfer data between the MSFC and the firewall.

3. Assign a VLAN to transfer data between the firewall and the CSM.

4. (Optional) Specify a server VLAN on the CSM and assign ports to that VLAN for server farm access.

---

Note If a VLAN is already configured between the service modules affected by this wizard, certain wizard fields will be populated with the parameters set for this VLAN.

---

Selecting a Service Module

See the "Selecting a Service Module" section.

Configuring the Core Network Connection

See the "Configuring the Core Network Connection" section.

Configuring the MSFC-Firewall VLAN

See the "Configuring the MSFC-Firewall VLAN" section.

Configuring the Firewall-CSM VLAN

To configure the VLAN connection between the firewall and CSM modules, enter the information specified in Table 7-12.

Table 7-12 Firewall-CSM VLAN Configuration: GUI Reference 

GUI Element	Action/Description
VLAN Connecting Firewall and CSM list	Specify the VLAN that connects the firewall and CSM modules. Click and then select one of the following: •Select VLAN: opens the VLAN Selector dialog box. See the "VLAN Selector" section for more information. •Create VLAN: opens the Create VLAN dialog box. See the "Create VLAN Dialog Box" section for more information. •Clear VLAN: clears the VLAN that is specified in this field.
Firewall: Slot X pane
Context field	Name of the selected context.
Interface field	Enter a name for this interface, making sure that it is not the name of an interface that is already configured on this device.
IP Address field	Enter the IP address of the VLAN on this interface.
Mask list	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.
Security Level (0-100) field	Indicates the security level set for the interface. Higher values indicate higher security levels. •The value 100 indicates that this is an inside interface. •The value 0 indicates that this in an outside interface.
VLAN Group list	Specify the VLAN group associated with the selected VLAN. Click to open the Select VLAN Group window.
CSM: Slot X pane
VLAN Type field	Indicates what type of VLAN this is. By default, this value is set to client.
IP Address field	Enter the IP address of the VLAN on this interface.
Mask field	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.
Alias IP Address field	Enter the alias IP address of the VLAN on this interface.
Gateway pane
Use Firewall as Default Gateway radio button	Select to set the firewall as the default gateway.
Gateway radio button	Select and then enter the IP address of the appropriate gateway.
Add Virtual Server button	Click to open the Add Virtual Server dialog box.

Adding a Virtual Server

In the Add Virtual Server dialog box, you can configure the settings for a virtual server and server farm. To do so, enter the information specified in Table 7-13.

Table 7-13 Add Virtual Server: GUI Reference 

GUI Element	Action/Description
Virtual Server Details pane
Virtual Server Name field	Enter the name of the virtual server.
VIP Address field	Enter the IP address of the virtual server. Make sure that this address belongs to the same subnet as the VLAN connecting the firewall and content switching modules.
Protocol list	Click the drop-down arrow and then select one of the following protocols for the virtual server: •tcp •udp •any
Port field	Enter the number of the port associated with the virtual server. Note If you plan to use this port for Internet access, enter the value 80 here.
NAT VIP through Firewall pane
External IP field	Enter the external IP address of the virtual server. Make sure that this address belongs to the same subnet as the VLAN connecting the MSFC and firewall modules.
Server Farm pane
Server Farm Name field	Enter the name of the server farm.
Real Servers pane
IP Address column	Indicates the IP address of the real server.
In Service column	Indicates whether the real server should be put into service.
Add button	Click to add a real server to the Real Servers table. When prompted, enter the appropriate IP address and then click OK.
Delete button	Click to remove the selected real server from the Real Servers table.

Configuring the Server Farm Connection

To configure the connection to the server farm, enter the information specified in Table 7-14.

Table 7-14 Server Farm Connection Configuration: GUI Reference 

GUI Element	Action/Description
Connection Mode radio button	Select the appropriate port connection mode in this field.
Ports Selector	Select the ports you want to add to the VLAN specified in the VLAN field. See the "Port Selector" section for more information.
Configure VLAN for Selected Ports pane
VLAN list	Specify the VLAN to which the selected ports belong. Click and then select one of the following: •Select VLAN: opens the VLAN Selector dialog box. See the "VLAN Selector" section for more information. •Create VLAN: opens the Create VLAN dialog box. See the "Create VLAN Dialog Box" section for more information. •Clear VLAN: clears the VLAN that is specified in this field.
Server VLAN Interface on CSM pane
VLAN Type field	Indicates whether the VLAN is a client or server. By default, this value is set to server.
IP Address field	Enter the IP address of the server VLAN on the CSM.
Mask field	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.
Alias IP Address field	Enter the alias IP address of the server VLAN on the CSM.
Gateway field	Enter the gateway associated with the server VLAN.

Summary

See the "Summary" section.

Delivering the Configuration to the Switch/Module

See the "Delivering the Configuration to the Switch/Module" section.

Using the Firewall-Outside and CSM Setup Wizard

The wizard consists of five steps:

1. (Optional) Configure the connection to the Internet.

2. Assign a VLAN to transfer data between the firewall and the MSFC.

3. Assign a VLAN to transfer data between the firewall and the CSM.

4. (Optional) Specify a server VLAN on the CSM and assign ports to that VLAN for server farm access.

5. (Optional) Assign switch ports to the VLAN associated with the core network.

Steps 2 and 3 are the only mandatory steps in the wizard.

---

Note If a VLAN is already configured between the service modules affected by this wizard, certain wizard fields will be populated with the parameters set for this VLAN.

---

Selecting a Service Module

See the "Selecting a Service Module" section.

Configuring the Internet Connection

See the "Configuring the Internet Connection" section.

Configuring the Firewall-MSFC VLAN

See the "Configuring the Firewall-MSFC VLAN" section.

Configuring the Firewall-CSM VLAN

See the "Configuring the Firewall-CSM VLAN" section.

Configuring the Server Farm Connection

See the "Configuring the Server Farm Connection" section

Configuring the Core Network Connection

See the "Configuring the Core Network Connection" section.

Summary

See the "Summary" section.

Delivering the Configuration to the Switch/Module

See the "Delivering the Configuration to the Switch/Module" section.

Using the VPN-Outside Setup Wizard

The wizard consists of four steps:

1. Configure the connection to the remote site.

2. Configure a VLAN that connects the VPN module and the MSFC.

3. Assign a VLAN to transfer data between the MSFC and the firewall.

4. (Optional) Assign switch ports to the VLAN associated with the firewall's inside network.

---

Note If a VLAN is already configured between the service modules affected by this wizard, certain wizard fields will be populated with the parameters set for this VLAN.

---

Selecting a Service Module

See the "Selecting a Service Module" section.

Configuring the Remote Site Connection

To configure the connection to a remote site, enter the information specified in Table 7-15.

Table 7-15 Remote Site Connection Configuration: GUI Reference 

GUI Element	Action
Connection Mode radio button	Select the appropriate port connection mode.
Ports Selector	Select the ports you want to add to the VLAN configured on this page of the wizard. See the "Port Selector" section for more information.
Configure VLAN for Selected Ports pane
VLAN list	Specify the VLAN to which the selected ports belong. Click and then select one of the following: •Select VLAN: opens the VLAN Selector dialog box. See the "VLAN Selector" section for more information. •Create VLAN: opens the Create VLAN dialog box. See the "Create VLAN Dialog Box" section for more information. •Clear VLAN: clears the VLAN that is specified in this field.

Configuring the VPN-MSFC VLAN

To configure the VLAN connection between the VPN and MSFC modules, enter the information specified in Table 7-16.

Table 7-16 VPN-MSFC VLAN Configuration: GUI Reference 

GUI Element	Action
VLAN Connecting VPN and MSFC list	Specify the VLAN that connects the VPN and MSFC modules. Click and then select one of the following: •Select VLAN: opens the VLAN Selector dialog box. See the "VLAN Selector" section for more information. •Create VLAN: opens the Create VLAN dialog box. See the "Create VLAN Dialog Box" section for more information. •Clear VLAN: clears the VLAN that is specified in this field.
VPN: Slot X pane
Inside Port field	Enter the inside port associated with the VPN.
Allowed VLAN field	Enter the valid VLAN values for the VPN.
Crypto Map list	Select the crypto map to be associated with the VPN-MSFC VLAN.
MSFC: Slot X pane
Interface field	Enter the name for this interface.
IP Address field	Enter the IP address of the VLAN on this interface.
Mask list	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.

Configuring the MSFC-Firewall VLAN

See the "Configuring the MSFC-Firewall VLAN" section.

Configuring the Inside Network Connection

See the "Configuring the Inside Network Connection" section.

Summary

See the "Summary" section.

Delivering the Configuration to the Switch/Module

See the "Delivering the Configuration to the Switch/Module" section.

Using the VPN-Firewall Setup Wizard

The wizard consists of five steps:

1. Configure the connection to the remote site.

2. Assign a VLAN to transfer data between the VPN module and the MSFC.

3. (Optional) Configure the connection to the Internet.

4. Assign a VLAN to transfer data between the firewall and the MSFC.

5. (Optional) Assign switch ports to the VLAN associated with the MSFC's inside network.

---

Note If a VLAN is already configured between the service modules affected by this wizard, certain wizard fields will be populated with the parameters set for this VLAN.

---

Selecting a Service Module

See the "Selecting a Service Module" section.

Configuring the Remote Site Connection

See the "Configuring the Remote Site Connection" section.

Configuring the VPN-MSFC VLAN

See the "Configuring the VPN-MSFC VLAN" section.

Configuring the Internet Connection

See the "Configuring the Internet Connection" section.

Configuring the Firewall-MSFC VLAN

See the "Configuring the Firewall-MSFC VLAN" section.

Configuring the Core Network Connection

See the "Configuring the Core Network Connection" section.

Summary

See the "Summary" section.

Delivering the Configuration to the Switch/Module

See the "Delivering the Configuration to the Switch/Module" section.

Using the MSFC-CSM Setup Wizard

The MSFC-CSM setup wizard consists of three steps:

1. (Optional) Configure the connection to the Internet.

2. Assign a VLAN to transfer data between the MSFC and CSM.

3. (Optional) Specify a server VLAN on the CSM and assign ports to that VLAN for server farm access.

Step 2 is the only mandatory step in the wizard.

---

Note If a VLAN is already configured between the service modules affected by this wizard, certain wizard fields will be populated with the parameters set for this VLAN.

---

Selecting a Service Module

See the "Selecting a Service Module" section.

Configuring the Core Network Connection

See the "Configuring the Core Network Connection" section.

Configuring the MSFC-CSM VLAN

To configure the VLAN connection between the MSFC and CSM, enter the information specified in Table 7-17.

Table 7-17 MSFC-CSM VLAN Configuration: GUI Reference 

GUI Element	Action/Description
VLAN Connecting MSFC and CSM list	Specify the VLAN that connects the MSFC and CSM. Click and then select one of the following: •Select VLAN: opens the VLAN Selector dialog box. See the "VLAN Selector" section for more information. •Create VLAN: opens the Create VLAN dialog box. See the "Create VLAN Dialog Box" section for more information. •Clear VLAN: clears the VLAN that is specified in this field.
MSFC: Slot X pane
Interface field	Enter the name for this interface.
IP Address field	Enter the IP address of the VLAN on this interface.
Mask list	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.
CSM: Slot X pane
VLAN Type field	Indicates what type of VLAN this is. By default, this value is set to client.
IP Address field	Enter the IP address of the VLAN on this interface.
Mask list	Enter the subnet mask to which the specified IP address belongs. You can either type a value or select a value from the list.
Alias IP Address field	Enter the alias IP address of the VLAN on this interface.
Gateway pane
Use MSFC as Default Gateway radio button	Select to set the MSFC as the default gateway.
Gateway radio button	Select and then enter the IP address of the appropriate gateway.
Add Virtual Server button	Click to open the Add Virtual Server dialog box. See the "Adding a Virtual Server" section for more information.

Configuring the Server Farm Connection

See "Configuring the Server Farm Connection" section.

Summary

See the "Summary" section.

Delivering the Configuration to the Switch/Module

See the "Delivering the Configuration to the Switch/Module" section.