Re: 3 interfaces in port channel for inter fwsm HA
When you deploy inter-chassis FWSMs, trunks between the 6500 switches are used for 2 things:
1) Failover, to send the state table, keepalives etc. There is no reason why this has to be a separate trunk dedicated to the FWSM, although Cisco say that if you run it across an L2 trunk that is also used for other traffic, QoS should be enabled and the failover packets marked with IP Prec 5.
It really depends on how busy the trunk link is with other traffic. If you decide to create a separate trunk for this then you can use whatever number of ports (up to 8) that you want. 2 would give you redundancy and enough bandwidth, provided they were Gbps ports, for the stateful traffic.
2) The actual data traffic between the FWSMs. Bear in mind that the L2 trunk between the 6500 chassis may well be needed for FWSM user traffic because the active gateway on the FWSM may be across the trunk link from the sender.
Again, it depends on what else the L2 trunk is used for, how busy it is and how much firewall traffic there will be, but there is a strong case to create a dedicated trunk for the FWSM user traffic. I would say at a minimum 3 ports at each end, but it really does depend on traffic requirements.
Don't get hung up on the number of ports used in the configuration examples as they are generic examples and may not suit your traffic profile.