cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
952
Views
0
Helpful
3
Replies

Active/Active FWSM

a12288
Level 3
Level 3

Has anybody deployed FWSMs to firewall campus traffic? we are trying to deploy 2 FWSMs on our 2 Cores Routers which are fully meshed to Internet Edge routers and Distribution layer router, so Asymmetric Routing and FO are must, unfortunately we can not test it out in Lab since it would need 2 SUP720s.

3 Replies 3

ssoberlik
Level 4
Level 4

What versions of fwsm's are you using?

I have two brand-new 3.1 FWSM, which would deploy into our Core routers, so I would have to change the current fully-mesh L3 p2p links between Core and Internet-Edge routers, to L3 VLan, also since we don't have such luxury to have two spare SUP720s to test it out, and CCO gives very limited document about how to configure active/active and asymmetric routing while it might be very simple and stright forward, but looks like it's a black box to me though, we have another 2 FWSM which is runing 2.3 in inter-chasis active-standby and would promote them to active/active next year.

jgervia_2
Level 1
Level 1

Hello,

I haven't tried it yet, but it seems fairly simple.

Check out this link:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a0080577c7d.html#wp1092832

It seems that other than stateful failover, all you need to do is define the asr-group it belongs to on each FWSM.

Only works in 3.x.

--Jason

Please rate this message if it solves some or all of your question/issue.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: