Cisco Support Community
FWSM Multiple-contexts Configuration

Dear NetPros;

Are there any limitations or precautions when implementing multiple-contexts plus shared VLAN with MSFC?

I'm currently using multiple-contexts with separate VLANs with MSFC and my new FWSM will be configured with shared VLAN.

Any opinion would be appreciated.

Thanks,

Charles


Accepted Solutions

Re: FWSM Multiple-contexts Configuration

Multiple context mode does not support the following features:

• Most dynamic routing protocols. BGP stub mode is supported.

• Multicast routing. Multicast bridging is supported.

Now Shared interface

The problem with FWSM is that it has only one MAC address. When VLANs are shared among multiple contexts, the FWSM's "classifier" selects the appropriate context on the basis of the destination address of the traffic only. This requires setting up static NAT rules on contexts to enable the "classifier" to make decisions.

Since for Internet/outbound traffic you don't know all the destinations and cannot create NAT rules for all destinations, it is not possible to share inside interfaces of the contexts.

Sharing is also not possible and permitted between Transparent Contexts.

Sharing VLANs needs to be avoided wherever possible with FWSM for simplicity's sake.

Syed iftekhar Ahmed
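The following is an added example, not part of the original posts and not Cisco code: a simplified Python model of the shared-VLAN classification described in the accepted answer, useful for checking a planned design for destinations that cannot be classified or that match more than one context. The context names, VLAN numbers and addresses are constructed, and the per-context lists stand in for the mapped addresses of each context's static NAT rules.

```python
import ipaddress

# Constructed sample design: two contexts share VLAN 100 and each has one
# VLAN of its own. "statics" lists the mapped (global) addresses of the
# static NAT rules a context exposes on a given VLAN.
CONTEXTS = {
    "ctx-a": {"vlans": {100, 201},
              "statics": {100: ["192.0.2.10/32", "192.0.2.32/28"]}},
    "ctx-b": {"vlans": {100, 202},
              "statics": {100: ["192.0.2.20/32"]}},
}

def vlan_owners(contexts, vlan):
    """Names of the contexts that have this VLAN allocated."""
    return sorted(n for n, c in contexts.items() if vlan in c["vlans"])

def classify(contexts, vlan, dst):
    """Context that receives a packet arriving on `vlan` for `dst`, or None.

    A VLAN owned by one context needs no lookup. On a shared VLAN only the
    destination address is consulted, so it must match the static NAT
    entries of exactly one context.
    """
    owners = vlan_owners(contexts, vlan)
    if len(owners) == 1:
        return owners[0]
    addr = ipaddress.ip_address(dst)
    hits = [n for n in owners
            if any(addr in ipaddress.ip_network(p)
                   for p in contexts[n]["statics"].get(vlan, []))]
    return hits[0] if len(hits) == 1 else None

def overlapping_statics(contexts, vlan):
    """Static entries of different contexts that overlap on a shared VLAN."""
    nets = [(n, ipaddress.ip_network(p))
            for n in vlan_owners(contexts, vlan)
            for p in contexts[n]["statics"].get(vlan, [])]
    return [(a, str(x), b, str(y))
            for i, (a, x) in enumerate(nets)
            for b, y in nets[i + 1:]
            if a != b and x.overlaps(y)]

if __name__ == "__main__":
    for vlan, dst in [(100, "192.0.2.20"), (100, "198.51.100.7"), (201, "198.51.100.7")]:
        print(vlan, dst, "->", classify(CONTEXTS, vlan, dst))
    print("overlaps on VLAN 100:", overlapping_statics(CONTEXTS, 100))
```

The second sample packet shows the case the answer warns about: an arbitrary Internet destination arriving on a shared VLAN matches no static entry, so no context can be selected.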

 
