https://community.cisco.com/t5/network-security/fw-in-vss-environment/m-p/1312516#M859203 <P>Working in a VSS environment, one firewall in each catalyst, configured with two context and Active / Passive scenario. One VLAN exist between two context, but no communication between context over the VLAN. ARP is showing same mac-address on two different VLAN and on two different context.</P><P></P><P>Context APP:</P><P> Inside 172.20.0.10 001b.380c.7e4c </P><P> Inside 172.20.70.249 001b.380c.7e4c </P><P> Inside 172.20.0.5 001b.380d.0357 </P><P> DMZ.NMS 172.16.12.7 0023.334d.e3bc </P><P> DMZ.NMS 172.16.12.6 0023.334d.e37c </P><P> Outside.INT 172.16.10.3 0024.971f.4900 </P><P> Outside.EDN 172.16.10.37 0025.45f4.7000 </P><P> Outside.EDN 172.16.10.35 0024.971f.4900 </P><P></P><P>Context INT</P><P> Outside.INT 202.14.71.165 0013.c34d.1ad0 </P><P> Inside.INT 172.16.10.2 0024.971f.4d00 </P><P> Inside.INT 172.16.10.1 0024.971f.4900 </P><P> Inside.EDN 172.16.10.33 0024.971f.4900 </P><P> Inside.EDN 172.16.10.37 0025.45f4.7000 </P><P> DMZ2 202.125.132.154 0014.5e18.a042 </P><P></P><P>Same mac-address entry on security interface Outside.EDN, Outside.INT, Inside.INT and Inside.EDN.</P> Mon, 11 Mar 2019 15:46:11 GMT Ahmed Shahzad 2019-03-11T15:46:11Z https://community.cisco.com/t5/network-security/fw-in-vss-environment/m-p/1312516#M859203 <P>Working in a VSS environment, one firewall in each catalyst, configured with two context and Active / Passive scenario. One VLAN exist between two context, but no communication between context over the VLAN. ARP is showing same mac-address on two different VLAN and on two different context.</P><P></P><P>Context APP:</P><P> Inside 172.20.0.10 001b.380c.7e4c </P><P> Inside 172.20.70.249 001b.380c.7e4c </P><P> Inside 172.20.0.5 001b.380d.0357 </P><P> DMZ.NMS 172.16.12.7 0023.334d.e3bc </P><P> DMZ.NMS 172.16.12.6 0023.334d.e37c </P><P> Outside.INT 172.16.10.3 0024.971f.4900 </P><P> Outside.EDN 172.16.10.37 0025.45f4.7000 </P><P> Outside.EDN 172.16.10.35 0024.971f.4900 </P><P></P><P>Context INT</P><P> Outside.INT 202.14.71.165 0013.c34d.1ad0 </P><P> Inside.INT 172.16.10.2 0024.971f.4d00 </P><P> Inside.INT 172.16.10.1 0024.971f.4900 </P><P> Inside.EDN 172.16.10.33 0024.971f.4900 </P><P> Inside.EDN 172.16.10.37 0025.45f4.7000 </P><P> DMZ2 202.125.132.154 0014.5e18.a042 </P><P></P><P>Same mac-address entry on security interface Outside.EDN, Outside.INT, Inside.INT and Inside.EDN.</P> Mon, 11 Mar 2019 15:46:11 GMT https://community.cisco.com/t5/network-security/fw-in-vss-environment/m-p/1312516#M859203 Ahmed Shahzad 2019-03-11T15:46:11Z https://community.cisco.com/t5/network-security/fw-in-vss-environment/m-p/1312517#M859205 <HTML><HEAD></HEAD><BODY><P>What is the question? </P><P></P><P>FWSM only has one MAC address. So, you will see the same MAC address on all the vlans. Since the interface is shared between the two contexts you will see the same MAC there as well.</P><P></P><P>When you share the outside interface, then you have to make sure to translate the inside networks.</P><P></P><P>When you share the inside interface, you need to translated the outside network (this gets ugly if the outside interface faces the internet).</P><P></P><P>Pls. read below:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/contxt_f.html#wp1124236" target="_blank">http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/contxt_f.html#wp1124236</A></P><P></P><P></P></BODY></HTML> Mon, 22 Jun 2009 19:12:38 GMT https://community.cisco.com/t5/network-security/fw-in-vss-environment/m-p/1312517#M859205 Kureli Sankar 2009-06-22T19:12:38Z