Virtual Context on CAT-6509E FWSM Module

nedian123 · ‎02-11-2008

Hi all,

Can we use a single Virtual Context for filtering traffic from Multiple VLANs?. It should be any how possible b/c we are having a license of only 20 or 22 Virtual Contexts & lots Customer VLANs.

I tried to make a 2nd SVI(int Vlan56) an Internal interface but its not working......... Do help me out so that this context(Companyxyz-Internal) fiters traffic for multiple VLANs.

FWSM Firewall Version 3.2(2)

CFWSM-FW# sh run

interface Vlan30

description CUSTOMER-1

!

interface Vlan50

description External

interface Vlan56

description CUSTOMER-2

admin-context Companyxyz-Internal

context Companyxyz-Internal

description admin-context Companyxyz-Internal

allocate-interface Vlan30

allocate-interface Vlan56

allocate-interface Vlan50

config-url disk:/Companyxyz-Internal

join-failover-group 1

CFWSM-FW# changeto context Companyxyz-Internal

CFWSM-FW/Companyxyz-Internal#sh run

interface Vlan30

nameif inside

security-level 100

ip address 172.16.33.1 255.255.255.0 standby 172.16.33.2

!

interface Vlan50

nameif outside

security-level 0

ip address 172.16.66.4 255.255.255.248 standby 172.16.66.5

interface Vlan56

no nameif

no security-level

no ip address

CFWSM-FW/Companyxyz-Internal(config)# int vlan 56

**** WARNING ****

Configuration Replication is NOT performed from Standby unit to Active unit.

Configurations are no longer synchronized.

CFWSM-FW/Companyxyz-Internal(config-if)# nameif inside

WARNING: VLAN *56* is not configured.

ERROR: Name "inside" has been assigned to interface Vlan51

CFWSM-FW/Companyxyz-Internal(config-if)#

Regards,

Akhtar

jim · ‎02-11-2008

Couple things.

It looks like you are trying to add the new config to the standby unit which is causing the first error.. and 2nd ... Did you add vlan 56 to the firewall vlan-group statement on the supervisor?

should look something like

firewall vlan-group 1 30,50,56

nedian123 · ‎02-11-2008

Vlans are already added to Firewall vlan-group......