https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081397#M915686 <HTML><HEAD></HEAD><BODY><P>Right sorry, I meant shared vlans.</P><P></P><P>In an msfc-outside config, I want to have a switch connect into active context1 on vlan 5. I want another switch connect into context2 on vlan 6 from another switch. Now I want for both of these contexts to share "vlan 10".</P><P></P><P>Keep i n mind that Active context1 will be on 6506-1 and Active context2 will be on 6506-2.</P><P></P><P>So my question is, can I setup a shared vlan for use between these 2 contexts.</P></BODY></HTML> Wed, 30 Jul 2008 16:34:56 GMT cisconoobie 2008-07-30T16:34:56Z https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081395#M915683 <P>Is it possible to setup an Active/Active FWSM Configuration where there is a shared interface between both Active contexts.</P><P></P><P>There will be 2 x 6506's with a FWSM each. I want to have an Active Context on each FWSM in the 6506's. And I want to make a shared interface between these active/active contexts across both 6506's.</P><P></P><P>Possible?</P> Mon, 11 Mar 2019 13:22:43 GMT https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081395#M915683 cisconoobie 2019-03-11T13:22:43Z https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081396#M915684 <HTML><HEAD></HEAD><BODY><P>What do you mean by shared interfaces? YOu share interfaces because you are falling short of phyiscal interfaces, there is no such thing on the FWSM. Just VLANS?</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Wed, 30 Jul 2008 14:03:11 GMT https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081396#M915684 Farrukh Haroon 2008-07-30T14:03:11Z https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081397#M915686 <HTML><HEAD></HEAD><BODY><P>Right sorry, I meant shared vlans.</P><P></P><P>In an msfc-outside config, I want to have a switch connect into active context1 on vlan 5. I want another switch connect into context2 on vlan 6 from another switch. Now I want for both of these contexts to share "vlan 10".</P><P></P><P>Keep i n mind that Active context1 will be on 6506-1 and Active context2 will be on 6506-2.</P><P></P><P>So my question is, can I setup a shared vlan for use between these 2 contexts.</P></BODY></HTML> Wed, 30 Jul 2008 16:34:56 GMT https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081397#M915686 cisconoobie 2008-07-30T16:34:56Z https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081398#M915688 <HTML><HEAD></HEAD><BODY><P>You can only share it if interfaces are in routed mode. Normally only outside interfaces can be shared because of the FWSM's single MAC address limitation &amp; Static statement requirement.</P><P></P><P>You need to use static NAT statements as In case of shared interfaces. FWSM's "Classifier" intercepts the traffic and depending on the destination IP hands the traffic over to the appropriated context.</P><P></P><P>Syed Iftekhar Ahmed</P></BODY></HTML> Wed, 30 Jul 2008 17:21:52 GMT https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081398#M915688 Syed Iftekhar Ahmed 2008-07-30T17:21:52Z https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081399#M915690 <HTML><HEAD></HEAD><BODY><P>You can find some examples here:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/exampl_f.html#wp1049516" target="_blank">http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/exampl_f.html#wp1049516</A></P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Thu, 31 Jul 2008 01:05:23 GMT https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081399#M915690 Farrukh Haroon 2008-07-31T01:05:23Z https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081400#M915692 <HTML><HEAD></HEAD><BODY><P>Thank you both so much for the responses. Please take a look at my diagram of what I want to accomplish. I want to be able to access the Mail servers, DNS, filers, etc from both vlans.</P><P></P><P>Basically I want to be able to share "vlan 20", between C-1 (Context 1) and C-2 (Context 2)</P><P></P><P>I want to be able to connect to vlan 20 from vlan 10 and vlan 30 at any time.</P><P></P><P>From what you said, I can only share the Outside Vlan &amp; Interface but I cannot share the inside vlan, in my case vlan 20.</P><P></P><P>Is this correct?</P><P></P><P> </P><P></P></BODY></HTML> Thu, 31 Jul 2008 14:49:19 GMT https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081400#M915692 cisconoobie 2008-07-31T14:49:19Z https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081401#M915694 <HTML><HEAD></HEAD><BODY><P></P><P>You are right. </P><P>As I said the decision to pick Context is made on the "Destination address" defined in a NAT statement.</P><P></P><P>For your outgoing traffic (from vlan 20) hitting internet. It would be practically impossible to define NAT statements for internet Hosts.</P><P></P><P>One option here would be to introduce two VRFs between vlan 20 and the two FWSM contexts.</P><P></P><P>Syed Iftekhar Ahmed</P></BODY></HTML> Thu, 31 Jul 2008 16:55:50 GMT https://community.cisco.com/t5/network-security/shared-interface-between-fwsm-contexts/m-p/1081401#M915694 Syed Iftekhar Ahmed 2008-07-31T16:55:50Z