I am working on a design for dual 6509 each with single FWSM.
I am thinking over how I would like to set this up, in the past I would normally config 3 gig ports as trunk, giving 6gb full duplex, and then config trunk to allow data vlan and the failover and state vlans (failover & state separate vlans), but a colleague has proposed that the initial trunk be used to carry only user data traffic and another trunk be setup, specifically for the failover and state vlans.
Howoever after thinking this through I have a theory that I need to be verified;
If the user data trunks happended to go down, for whatever reason (and yes they would be etherchannel) then since the failover and state trunks are separate then the fwsms would still be sending keepalives etc, and thus assume each FWSM was ok, therefore the FWSM does not failover and all user data traffic gets black holed.
My idea would be to, as mentioned at start, have s gig ports in an etherchannel and have all user data, failover and state vlans allowed across, spread the etherchannel across several modules, and then enable QOS on the trunk to allow the failover & state packets with COS 5 higher priority.
Can anyone confirm that my thoughts are correct? Or indeed not?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...