Question regarding design of an ACE with FWSM using multiple FWSM contexts. It's fairly straight forward, but here is the topology:
Client -> FWSM (Perimeter Context) -> ACE VIP -> FWSM -> Real Server
I'm asking for some feedback on running the FWSM on the inside segregating the Real Server in transparent mode vs. route mode.
In route mode, the traffic would get double NAT'd (ACE Real server points to NAT on outside of FWSM context) where as the transparent would obviously just inspect and pass the traffic without the rewrite.
Anyone have any thoughts/experience on this? Thanks in advance.