Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using CSM and FWSM together

We are a hosting company looking to implement a Blade server/6500 solution.

We are looking to use a 6500 with an FWSM and loadbalancing between servers on a per customer/context basis.

All the examples on support suggest CSM before and after firewall contexts however is it possible to move traffic in the following order on a single 6500?

Outside -> FWSM -> CSM -> Customer server farm?

Would this be done utilising 3 VLANs?

Cisco Employee

Re: Using CSM and FWSM together

Are you doing firewall loadbalancing or server loadbalancing ?

FW loadbalancing needs 2 CSM because you first need to select which firewall to use on the way out -> in and you also need to guarantee to use the same Fw on the way in -> out for the same connection.

The 2nd CSM can learn what FW was used and guarantee that the server response will use the same one.

This can however be done with a single CSM - just a little bit more complicated to configure.

I wrote a document about this @

I also would like to mention that nowadays the prefered loadbalancer would be the application control engine (ACE).

This device will defintely replace the CSM in a near future.


New Member

Re: Using CSM and FWSM together

Gilles, thanks for the reply.

We may be doing server load balancing as well as firewall load balancing depending on customer requirements. We still don't have the full details of the modules available to us yet so we may have to rethink depending on what we are supplied with. I'll make sure to take your guide as a reference point thanks!