michaelwarner
Beginner

FWSM Multiple Security Zones on Single Context?

Hello,

My corporate internal network is currently firewalled by an FWSM module on a 6513 switch.  We have each security zone (we have eight) assigned to a FWSM context and have ACLs set up between the contexts and the enterprise LAN/WAN.  Is it possible to support firewalling between these zones within a single security context?  The reason I am asking is that we would like to purchase a second FWSM for use as a standby, but do not want to cough up the ~ $12K for the context license.  We will ultimately be transitioning to ASAs for internal security, so do not want to spend more than we need to. Thanks in advance.

Mike

1 ACCEPTED SOLUTION

Accepted Solutions
Jennifer Halim
Cisco Employee

Definitely can, if each current context has different subnets.

All you have to do is configure an ACL on each of the interfaces to allow access, and also configure NAT exemption if you don't want to have any NATing between those subnets.


3 REPLIES 3

Thanks for the reply, Jennifer! I suspected that was the case, but was having a difficult time locating any configuration examples using multiple VLANs within a single context. I will try this on one of my inactive contexts to see how it works. Thanks again.

Mike

Here is a simple configuration example:

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00808b4d9f.shtml

It's a good starting one with multiple interfaces with a single context.

You can post more questions in the forum if you have any once you have started playing more with a single context.
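
The approach from the accepted answer (an ACL on each interface plus NAT exemption between the zone subnets), sketched as an added example that is not part of the original posts or of the linked Cisco document. The VLAN IDs, interface names, security levels, addresses and ACL names are all assumptions made up for illustration; only two zones and the LAN are shown.

```cisco
! Constructed example: two zones and the enterprise LAN in ONE context.
! Each former context becomes a VLAN interface with its own subnet.
interface Vlan101
 nameif zone-a
 security-level 50
 ip address 10.1.101.1 255.255.255.0
!
interface Vlan102
 nameif zone-b
 security-level 60
 ip address 10.1.102.1 255.255.255.0
!
interface Vlan200
 nameif lan
 security-level 100
 ip address 10.1.200.1 255.255.255.0
!
! One inbound ACL per interface. List only the flows that should cross
! zones; anything not listed falls through to the implicit deny.
access-list ZONE_A_IN extended permit tcp 10.1.101.0 255.255.255.0 host 10.1.102.20 eq 443
access-list ZONE_B_IN extended permit tcp 10.1.102.0 255.255.255.0 host 10.1.101.10 eq 22
access-list LAN_IN extended permit tcp 10.1.200.0 255.255.255.0 10.1.101.0 255.255.255.0 eq 443
access-list LAN_IN extended permit tcp 10.1.200.0 255.255.255.0 10.1.102.0 255.255.255.0 eq 443
!
access-group ZONE_A_IN in interface zone-a
access-group ZONE_B_IN in interface zone-b
access-group LAN_IN in interface lan
!
! NAT exemption: traffic between the internal subnets keeps its real
! addresses. These ACLs only select what is exempt from NAT; the
! interface ACLs above still decide what is permitted.
access-list ZONE_A_NONAT extended permit ip 10.1.101.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list ZONE_B_NONAT extended permit ip 10.1.102.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list LAN_NONAT extended permit ip 10.1.200.0 255.255.255.0 10.1.0.0 255.255.0.0
!
nat (zone-a) 0 access-list ZONE_A_NONAT
nat (zone-b) 0 access-list ZONE_B_NONAT
nat (lan) 0 access-list LAN_NONAT
```

Keeping the permit entries as narrow as the per-context ACLs they replace preserves the separation between zones once they share a context; a broad `permit ip` between subnets would collapse it.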
