New Member

FWSM - Duplicated MAC Addresses across contexts

I have two 7609S routers each with a FWSM running 4.0(8)

I am licensed for 20 contexts.

Recently, I added a context for a new application and required access to a VLAN that already had an interface in another context.

The MAC address assigned to the interface in the new context was assigned the same MAC address as the interface in the previous context.

This caused an application running through the first context to fail.

I know that on the FWSM I cannot hardcode a MAC address to an interface in a context, so how do I get around this problem caused by the duplicate MAC addresses?

Thanks, Ted

1 REPLY
Cisco Employee

Re: FWSM - Duplicated MAC Addresses across contexts

Hi Ted,

The short answer is that you'll need to add static NAT statements (identity NAT is fine) to both contexts for each of the destinations that live behind each context.

For example, assume you share the outside interface across both of the following contexts:

ContextA - protects hosts in the 10.1.1.0/24 inside subnet

ContextB - protects hosts in the 10.2.2.0/24 inside subnet

You would need to add the following statics:

ContextA:

static (inside,outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

ContextB:

static (inside,outside) 10.2.2.0 10.2.2.0 netmask 255.255.255.0

See the following guide for more details:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/contxt_f.html#wp1124236

-Mike

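An added example, not part of the thread and not Cisco tooling: a small Python audit that parses each context's `static` lines and checks that every inside subnet behind the shared interface is covered by a static in exactly one context. It assumes the classifier picks a context by matching the destination address against statics mapped on the shared interface, as the linked guide describes; ContextC, the 10.3.3.0/24 subnet, and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configs: ContextA and ContextB carry the thread's statics;
# ContextC is a hypothetical context sharing "outside" with no static defined.
CONFIGS = {
    "ContextA": "static (inside,outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.0",
    "ContextB": "static (inside,outside) 10.2.2.0 10.2.2.0 netmask 255.255.255.0",
    "ContextC": "nat (inside) 1 10.3.3.0 255.255.255.0",
}
INSIDE = {  # inside subnet each context protects (10.3.3.0/24 is constructed)
    "ContextA": "10.1.1.0/24", "ContextB": "10.2.2.0/24", "ContextC": "10.3.3.0/24",
}
# static (real_if,mapped_if) mapped_ip real_ip netmask mask  (literal IPs only)
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)", re.M)

def classifier_table(configs, shared_if="outside"):
    """Return [(mapped_network, context)] for statics mapped on shared_if."""
    table = []
    for ctx, text in configs.items():
        for _real_if, mapped_if, mapped, _real, mask in STATIC_RE.findall(text):
            if mapped_if == shared_if:
                table.append((ipaddress.ip_network(f"{mapped}/{mask}"), ctx))
    return table

def classify(table, dst):
    """Contexts whose static covers dst; exactly one means unambiguous delivery."""
    addr = ipaddress.ip_address(dst)
    return sorted({ctx for net, ctx in table if addr in net})

def audit(configs, inside, shared_if="outside"):
    """Map context -> problem for subnets that are uncovered or claimed twice."""
    table = classifier_table(configs, shared_if)
    problems = {}
    for ctx, subnet in inside.items():
        want = ipaddress.ip_network(subnet)
        covered = any(c == ctx and want.subnet_of(net) for net, c in table)
        others = sorted({c for net, c in table if c != ctx and net.overlaps(want)})
        if not covered:
            problems[ctx] = "no static covers " + subnet
        elif others:
            problems[ctx] = "overlaps statics in " + ",".join(others)
    return problems

if __name__ == "__main__":
    print(audit(CONFIGS, INSIDE))
```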