FWSM behind ACE module

Answered Question
Aug 30th, 2008


Scenario:


Internet Client request hits the FWSM and then gets routed to ACE module for load balancing.


VLANs defined on FWSM are 5 (outside), 6 (DMZ), 7 (inside). Client requests are forwarded to DMZ segment where server farm is located.


My question is whether the client VLAN on the ACE module should be the same as DMZ VLAN on FWSM i.e. VLAN 6.


Rgds.

Correct Answer by Marwan ALshawi about 8 years 5 months ago

in this case correct

because in this case the path will baypass the FWSM


good luck


if helpful rate

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Marwan ALshawi Sat, 08/30/2008 - 04:59

ofcourse it must be

if not how they gonna comunicate

they should be on the same vlan and the same ip subnet


imagnate exactly like to directly connected interface!!


but dont make SVI for this VLAN on the MSFC


if helpful Rate

new_networker Sat, 08/30/2008 - 05:24


So for the SVI, it would have been defined if the client VLANs were not going through FWSM, but would have hopped across different VLANs via the MSFC. Is it correct ?

Correct Answer
Marwan ALshawi Sat, 08/30/2008 - 05:26

in this case correct

because in this case the path will baypass the FWSM


good luck


if helpful rate

Actions

This Discussion