03-24-2009 03:26 AM
Hello,
I'm implementing a data center with an Aggregation layer equiped with FWSM-1 which cannot support active/active failover.
I'm thinking about multi-context to manually divide traffic into the two CAT6500.
Any comment or suggestion ?
Solved! Go to Solution.
04-02-2009 11:00 AM
Omar
You did ask for comments after all :-).
You said in your initial post that you could not use active/active but what you describe in terms of failover in your scenario is active/active, see this link -
http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/fail_f.html#wp1052847
If you choose to go active/standby you cannot have FWSM1 active for one context and standby for another.
Jon
04-01-2009 01:35 PM
Omar
Not sure i fully understand. If you run active/stanby then multi-context will not allow you to have different FWSM's active and standby. In an active/standby config the active firewall is active for all contexts and the standby is stanby for all contexts.
Only active/active will allow you to use both FWSM's at the same time.
Jon
04-02-2009 05:30 AM
And you want to say that we cannot create more than one failover group when using active/standby ?
04-02-2009 07:47 AM
Omar
My understanding is that even with active/active both FWSM's are never active for the same context so yes unless you use active/active one FWSM is active for all contexts and one is standby.
Jon
04-02-2009 08:11 AM
You can take a look about this please :
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/ACE_FWSM.html#wp1001980
I think each context is Active on different hardware.
04-02-2009 11:00 AM
Omar
You did ask for comments after all :-).
You said in your initial post that you could not use active/active but what you describe in terms of failover in your scenario is active/active, see this link -
http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/fail_f.html#wp1052847
If you choose to go active/standby you cannot have FWSM1 active for one context and standby for another.
Jon
04-05-2009 02:31 AM
Jon,
Thank you for the message :)
Regards,
Omar
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: