Hello,

I am just designing a solution where a FWSM consists of 2 contexts initially and has a shared outside interface pointing to the 6500 switch. There are 3 subnets connected to each of the FWSM contexts. So if anyone wants to access these 6 subnets then a route would be needed pointing to the interface vlan of the shared interface on the switch. But that would not be enough to access the subnets.. I am sure we have to define static NATS to point them to the right context where these subnets reside.

The FWSM is running version 3.x code

So say 1.1.1.0(shared), 10.10.0.0(inside1), 10.20.0.0(inside2) and 10.30.0.0(inside3) reside in Context 1 and

1.1.1.0(shared), 20.10.0.0(dmz1), 20.20.0.0(dmz2) and 20.30.0.0(dmz3) reside in Context 2

in each of the context we would have to make three static NATS

static(inside1,shared) 10.10.0.0 10.10.0.0 netmask 255.255.255.0

static(inside2,shared) 10.20.0.0 10.20.0.0 netmask 255.255.255.0

static(inside3,shared) 10.30.0.0 10.30.0.0 netmask 255.255.255.0

The same would go for context 2 as well

static(dmz1,shared) 20.10.0.0 20.10.0.0 netmask 255.255.255.0

static(dmz2,shared) 20.20.0.0 20.20.0.0 netmask 255.255.255.0

static(dmz3,shared) 20.30.0.0 20.30.0.0 netmask 255.255.255.0

By creating these NAT statements, would the outside users be able to access the subnets residing in the context?

Thanks