I will shortly be implementing a FWSM solution, consisting of 2x FWSMs and 2x 6500 Chassis. Each chassis will have a FWSM installed, and ideally I'd like to run active/active with 2 contexts (+ admin context) and failover. I have the standard license.
I want to acheive the following:
Active on FWSM A - Function is main flow of Traffic from inside to outside (internet traffic from inside network)
Active on FWSM B - Function is to host multiple DMZ interfaces for servers. Inside hosts will also need to communicate with these servers (inside being the same IP ranges using Context A for their internet traffic).
I would also require to configue failover between the contexts, and outside and inside VLANs for both contexts will be the same (same IP range).
When using multiple context mode, all of the configuration examples I have seen so far have the MSFC outside the FWSM, having the MSFC face the internet.
This is not the way I would like to implement the solution, I'd much rather have the FWSM facing the internet.
Is this indeed the case when running multi-context, that the MSFC must be 'outside' in this scenario?
Thanks for any assistance.....