I have implemented multiple virtual contexts on an FWSM. I have a network for FW context mgmt connected to a VRF, which then connects to another FW context providing connectivity to the rest of the network. Configuration is detailed as follows (without real names/IP addresses for customer confidentiality):
- FW context FW1 connected to FW_mgmt subnet (10.1.1.0/24)
- FW context FW2 connected to FW_mgmt subnet (10.1.1.0/24)
- FW context FW3 connected to FW_mgmt subnet (10.1.1.0/24)
- FW_mgmt subnet connected to VRF1
- VRF1 connected to FW context FW4
- FW4 Vlan 1 (outside) interface connected to a VRF (VRF2) providing connectivity to the rest of the network
- FW4 Vlan 2 (inside) interface connected to Mgmt subnet (10.1.2.0/24)
- FW4 Vlan 3 (FW_Mgmt) interface connected to VRF1
If I establish an SSH session from a PC on the Mgmt network (10.1.2.0/24) to any of the FW contexts in the FW_mgmt network (10.1.1.0/24), the session establishes and I can log into all the contexts.
Beyond the outside interface of FW4 there is a syslog server and a RADIUS server.
I configured FW1, FW2 and FW3 to use their interfaces on the FW_mgmt network for syslog and RADIUS authentication.
I do not receive any syslog messages or RADIUS authentication requests from FW1, FW2 or FW3.
After setting up a capture on the FW4 interface connected to VRF1 (Vlan3), I do not see any syslog or RADIUS packets being received.
I am currently running FWSM version 3.1(5).
Has anyone experienced such a problem? If so, any advice as to what the solution could be would be greatly appreciated.