FWSM configuration

dominic.caron · ‎02-16-2007

Hi,

I'm linking my network core to a government agency. They are a bit paranoid and their cisco sale eng. sold them this concept.

His it even possible(I know it's ugly!). How is it possible ? The sale engineer told them it would all work in transparent mode!

dominic.caron · ‎02-16-2007

heres the network diagram

Jon Marshall · ‎02-16-2007

Hi dominic

Doing this from memory as i don't have visio on this laptop but i did look at it earlier.

Without knowing the full requirements or reasoning behind the design it's difficult to comment too much. But one thing that does stand out is that you cannot chain security contexts and from memory that's what the diagram shows. From the 3.1 FWSM config doc:

==============================================

Note The FWSM does not support sharing the outside interface of one context with the inside interface of another context (known as cascading contexts). Traffic that is outbound from one context(from a higher to a lower security interface) can only enter another context as inbound traffic (lower to higher security); it cannot be outbound for both contexts, or inbound for both contexts.

==============================================

Are you going to accessing servers from all the contexts in the diagram ?

Jon