Re: Active/Active FWSM

a12288 · ‎11-22-2006

Has anybody deployed FWSMs to firewall campus traffic? we are trying to deploy 2 FWSMs on our 2 Cores Routers which are fully meshed to Internet Edge routers and Distribution layer router, so Asymmetric Routing and FO are must, unfortunately we can not test it out in Lab since it would need 2 SUP720s.

ssoberlik · ‎11-28-2006

What versions of fwsm's are you using?

a12288 · ‎11-29-2006

I have two brand-new 3.1 FWSM, which would deploy into our Core routers, so I would have to change the current fully-mesh L3 p2p links between Core and Internet-Edge routers, to L3 VLan, also since we don't have such luxury to have two spare SUP720s to test it out, and CCO gives very limited document about how to configure active/active and asymmetric routing while it might be very simple and stright forward, but looks like it's a black box to me though, we have another 2 FWSM which is runing 2.3 in inter-chasis active-standby and would promote them to active/active next year.

jgervia_2 · ‎11-28-2006

Hello,

I haven't tried it yet, but it seems fairly simple.

Check out this link:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a0080577c7d.html#wp1092832

It seems that other than stateful failover, all you need to do is define the asr-group it belongs to on each FWSM.

Only works in 3.x.

--Jason

Please rate this message if it solves some or all of your question/issue.