Our primary FWSM in our cat6509 has been running for a couple of years now... we finally purchased a redundant module and currently have it backed out of the chassis... One question I have is, since we don't have any "redundancy" configured, just popping this 2nd FWSM in and bringing it "active" isn't going to cause us any problems, will it? And 2nd, can we load a newer version (3.x) of code on the backup FWSM and test on it, if we don't have redundancy configured (for a while)? Any help is appreciated....
Re: Secondary (redundant) FWSM just arrived for 6509
If it's brand-new with no configuration, inserting the FWSM should cause no problem. Just to be safe, though, be sure the switch does not have a "firewall module x vlan-group y" command for that slot.
Yes, you can run different versions of code as long as you don't have failover configured (you don't say what your current FWSM version is but, once you get to 3.1, you can run different maintenance releases even with failover enabled). While experimenting with the second module, make sure that you have different firewall vlan-groups defined for each module, with no overlap in VLANs between the groups.
One other thing ... if you use a newer version of code on the FWSM, it may have different requirements for the switch IOS. Make sure your switch IOS will work with the FWSM code.
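The two checks suggested in the reply above can be run against a saved copy of the switch running-config. This is an added example, not part of the original thread: the sample config is constructed, the function names are hypothetical, and it assumes VLAN groups are defined with `firewall vlan-group <id> <vlan-list>` lines alongside the `firewall module x vlan-group y` assignments.

```python
import re
from itertools import combinations

# Constructed sample of switch running-config lines (not from the thread).
SAMPLE_CONFIG = """\
firewall multiple-vlan-interfaces
firewall module 3 vlan-group 1,2
firewall module 4 vlan-group 3
firewall vlan-group 1  10,20-22
firewall vlan-group 2  30
firewall vlan-group 3  22,40-41
"""

def expand(spec):
    """Expand a list such as '10,20-22' into a set of integers."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(config):
    """Return ({slot: set of group ids}, {group id: set of VLANs})."""
    modules, groups = {}, {}
    for line in config.splitlines():
        m = re.match(r"\s*firewall module (\d+) vlan-group (\S+)", line)
        if m:
            modules.setdefault(int(m.group(1)), set()).update(expand(m.group(2)))
            continue
        g = re.match(r"\s*firewall vlan-group (\d+)\s+(\S+)", line)
        if g:  # long VLAN lists may span several lines with the same group id
            groups.setdefault(int(g.group(1)), set()).update(expand(g.group(2)))
    return modules, groups

def slot_has_groups(config, slot):
    """True if the slot already has a 'firewall module' assignment."""
    return slot in parse(config)[0]

def vlan_overlaps(config):
    """Map (slot_a, slot_b) -> sorted VLANs assigned to both modules."""
    modules, groups = parse(config)
    vlans = {s: set().union(*(groups.get(g, set()) for g in gids))
             for s, gids in modules.items()}
    return {(a, b): sorted(vlans[a] & vlans[b])
            for a, b in combinations(sorted(vlans), 2) if vlans[a] & vlans[b]}

if __name__ == "__main__":
    print("slot 4 already assigned:", slot_has_groups(SAMPLE_CONFIG, 4))
    print("overlapping VLANs:", vlan_overlaps(SAMPLE_CONFIG))
```

An empty result from `vlan_overlaps` means no VLAN is handed to more than one module; in the constructed sample, VLAN 22 is flagged because it appears in groups assigned to both slot 3 and slot 4.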