Is it possible to route between multiple security contexts on a FWSM?
In a campus environment we would like to install an FWSM to secure VLANs, replacing the SVIs on the MSFC. The VLANs represent different departments with security requirements and are currently interfaces on the MSFC, with ACLs used for access control.
In a test setup, routing over the MSFC works fine, but routing back to another security context does not. How can we route between two (or more) security contexts?
Adding to what has been said above: you could use the VRF feature of the SUP-720, put each virtual context in its own routing domain, and route accordingly.
You can also set up dedicated VLANs for interconnecting contexts. For instance, you can put an interface from each context on VLAN x and then route between them. You can also bypass the MSFC this way. Although, if you are planning to do it with a lot of contexts, a shared outside is probably the best approach.
To set up a shared VLAN, just allocate the same VLAN to both contexts.
Then give them an IP on the same subnet and an access-list on each context interface, and put in your routes; also use no nat-control to get rid of those terrible static NAT commands.
It depends exactly what you mean. To move between contexts on the FWSM you would need to do one of two things:
1) Have a shared VLAN with servers that all contexts need to access. Probably not what you want.
2) You could share the outside vlan between contexts. Each outside interface from each context would be on the same subnet. You would have to have an MSFC SVI for this subnet. Then you route between contexts via the MSFC SVI. It is still secure because you can't bypass the outside interface of any of the contexts.
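Putting the shared-outside-VLAN setup from the replies above into configuration. This is an added example, not from anyone in this thread; it assumes FWSM 3.x command syntax, a module in slot 3, and constructed VLAN numbers, context names and addresses (DEPT_A, DEPT_B, 10.0.0.0/24 shared, 10.1.0.0/24 and 10.2.0.0/24 inside).

```cisco
! Catalyst side: hand the VLANs to the FWSM in slot 3 (slot and VLAN numbers are assumed)
firewall vlan-group 1 100,110,120
firewall module 3 vlan-group 1
! FWSM system execution space: VLAN 100 is the shared outside, allocated to both contexts
mode multiple
! unique MAC per context so the classifier can place shared-VLAN traffic without static NAT
mac-address auto
interface vlan 100
interface vlan 110
interface vlan 120
context DEPT_A
  allocate-interface vlan100
  allocate-interface vlan110
  config-url disk:/DEPT_A.cfg
context DEPT_B
  allocate-interface vlan100
  allocate-interface vlan120
  config-url disk:/DEPT_B.cfg
! Context DEPT_A: inside 10.1.0.0/24, outside 10.0.0.2 on the shared VLAN
interface vlan100
 nameif outside
 security-level 0
 ip address 10.0.0.2 255.255.255.0
interface vlan110
 nameif inside
 security-level 100
 ip address 10.1.0.1 255.255.255.0
no nat-control
! only DEPT_B's subnet may reach DEPT_A's HTTPS servers; all other inbound traffic is dropped
access-list OUTSIDE_IN extended permit tcp 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0 eq 443
access-group OUTSIDE_IN in interface outside
! DEPT_B's subnet is reached directly on the shared VLAN, bypassing the MSFC
route outside 10.2.0.0 255.255.255.0 10.0.0.3 1
! everything else goes to the MSFC SVI (10.0.0.1) on VLAN 100
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
! Context DEPT_B: the mirror image; its inbound access-list is omitted here, and
! outside-to-inside stays denied by default until one is applied
interface vlan100
 nameif outside
 security-level 0
 ip address 10.0.0.3 255.255.255.0
interface vlan120
 nameif inside
 security-level 100
 ip address 10.2.0.1 255.255.255.0
no nat-control
route outside 10.1.0.0 255.255.255.0 10.0.0.2 1
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
```

For the MSFC-routed variant described in the last reply, drop the two specific /24 routes so inter-context traffic follows the default route to the SVI; each context's outside access-list still applies on the way back in.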