Hi - I'm designing the network topology for a multi-tiered application using a 6509 with ACE and FWSM. Each tier will be in its own VLAN and IP subnet, and communications between tiers need to be firewalled and in some cases load balanced.
I propose to do this by using a different context on both the ACE and the FWSM and using bridging mode within each context on both the FWSM and ACE, as per Cisco's verified design for ACE/FWSM. It's perfectly feasible that a connection could be made, for example, to a server in the web tier, which would then need to make a connection to a server in the application tier, which would in turn need to make a connection to a server in the database tier.
As far as I can see, the design I've proposed should work. Is anyone in a position to comment on whether there is anything wrong with this design, or a better way to do it?
There is no NAT to consider within this network.
I've attached a JPG showing an example of the sort of connectivity that could be expected.