2 FWSMs (FW,NAT) in C6509 chassis

Unanswered Question
May 8th, 2007


We have 2 FWSMs [versions: FWSM1: 2.3(4) & FWSM2: 2.3(3)] in C6509 chassis [with IOS version 12.2(18)SXF4]

We have a 10Gbps link towards the ISP and we would like to use the full bandwidth with the 2 FWSMs.

FWSM1 is the main firewall; it has one inside and one ISP interface, and both interfaces have one IP address.

FWSM1 has firewalled our network thus far, but we have run out of IP addresses :(

We have to use FWSM2 to NAT [translate roughly 1500 IPs/clients], but we have only one IP address towards the ISP.

Can we configure the 2 FWSMs side-by-side in the C6509 chassis to provide 10Gbps, and stay with one IP address towards the ISP?

Or should we ask for more IPs from the ISP?

ISP's gw IP (etc.): metric 1 (default gw)

My theory is: http://www.mehok.uni-miskolc.hu/~oreggin/1c6509-2fwsm.txt

Should it work? If it won't, how do we configure the C6509 & FWSMs to work side-by-side?



oreggin80 Tue, 05/15/2007 - 02:35


I worry about the fact that one PAT is not enough to translate ~1500 hosts, but I have some theories to solve this problem.

The first chart represents the state of our network today, with an extract of the configuration:



Well, I don't want to modify the FWSM1 config extensively. I wouldn't like to shut down or reboot FWSM1 until it is unavoidable.

The NA-Translation is allowed to work only on FWSM2. I would like to present my theories:

The first one was tried with PAT, but we ran out of ports.



For the second variation we need a second IP if it is to operate.



The third one was also tried but it didn't operate, perhaps because of bad configs.



What is your opinion about these versions? Which config is the nearest to the right solution?

If these theories won't work, can I combine these configs to reach my goal: a well-working system?

Or could you send me a working example config to create a third variation?



