ACE/FWSM design question


Hi - I'm designing the network topology for a multi-tiered application using a 6509 with ACE and FWSM. Each tier will be in its own VLAN and IP subnet, and communications between tiers need to be firewalled and in some cases load balanced.

I propose to do this by using a different context on both the ACE and the FWSM and using bridging mode within each context on both the FWSM and ACE, as per Cisco's verified design for ACE/FWSM. It's perfectly feasible that a connection could be made, for example, to a server in the web tier, which would then need to make a connection to a server in the application tier, which would in turn need to make a connection to a server in the database tier.

As far as I can see, the design I've proposed should work. Is anyone in a position to comment on whether there is anything wrong with this design, or a better way to do it?

There is no NAT to consider within this network.

I've attached a JPG showing an example of the sort of connectivity that could be expected.

Many thanks in advance.


We have the same design and it works fine.

We are planning to do the same type of design. Does anyone have any documents that point to the specifics of the design and configuration details?

Any help will be greatly appreciated.


Thanks for your responses. I'm halfway through implementing this and there have been no problems so far.

With regard to design & config notes for this, this document has most of what you need -

Does anyone have any experience in designing/implementing the FWSM in routed mode but the ACE in bridged mode?

Like this:

MSFC > FWSM(routed) > ACE(bridged)

Thank you.