09-06-2007 07:16 AM - edited 03-11-2019 04:07 AM
I will shortly be implementing a FWSM solution, consisting of 2x FWSMs and 2x 6500 Chassis. Each chassis will have a FWSM installed, and ideally I'd like to run active/active with 2 contexts (+ admin context) and failover. I have the standard license.
I want to acheive the following:
Context A:
Active on FWSM A - Function is main flow of Traffic from inside to outside (internet traffic from inside network)
Context B:
Active on FWSM B - Function is to host multiple DMZ interfaces for servers. Inside hosts will also need to communicate with these servers (inside being the same IP ranges using Context A for their internet traffic).
I would also require to configue failover between the contexts, and outside and inside VLANs for both contexts will be the same (same IP range).
When using multiple context mode, all of the configuration examples I have seen so far have the MSFC outside the FWSM, having the MSFC face the internet.
This is not the way I would like to implement the solution, I'd much rather have the FWSM facing the internet.
Is this indeed the case when running multi-context, that the MSFC must be 'outside' in this scenario?
Thanks for any assistance.....
09-06-2007 09:03 AM
Hi Chris
Not sure if you are asking how to do the config or if your question is purely about the position of the MSFC.
Anyway in answer to your question about the MSFC, no it does not have to be in front of the FWSM. In fact when using multiple context you can have some contexts with MSFC in front and some with MSFC behind.
To configure with MSFC behind just make sure that the vlan on the outside of the FWSM towards the internet does not have an SVI for it on the MSFC ie. don't configure a layer 3 interface for that vlan on the 6500, just create it on the FWSM.
HTH
Jon
09-06-2007 01:16 PM
Hi Jon,
Thanks for the response, thats what I was hoping for.
You have a few very useful posts in various threads on here, keep up the good work!
Chris.
09-06-2007 11:05 PM
Chris
Only a few !! :)
Glad to help and thanks for the rating.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide