Re: Issue with multiple fwsm contexts residing on common IP segm

pallette · ‎08-14-2006

Can multiple fwsm context's inside interface reside on the same common IP network?

I have an issue where 2 fwsm context's inside interfaces reside on the same common IP network. I am unable to pass traffic to the outside interface of one of these contexts. I have verified routing / rules / nat / etc... and they all appear to be correct.

attached visio to depict issue. Any ideas would be appreciated

Fernando_Meza · ‎08-14-2006

Hi .. this can defineteley be done but you need to make sure that the "shared interface" in your case VLAN 20 has different IP addreses in each context also make sure the routing to them is correct. How are you controlling which traffic is routed to VLAN20 on context 1 and which traffic is routed to VLAN20 on context 2 ...? Also if you are PATing out this segment for INternet access make sure the PAT address is different per context otherwise the FWSM would not know to which context the traffic is to be delivered.

I hope it helps .. please rate it if it does !!!

pallette · ‎08-15-2006

Yes I have different IP addresses assigned to the different context interfaces. For traffic that enters into this environment, static routing in the 6500 global routing table is handling the traffic flow to vlan 30 and vlan 40. VLAN20 is a transiet link to get to networks in Context-A and Context-B.

However, traffic flow is operating normally for Context-A, but am unable to get to Vlan40 in Context-B.

You answered my question, so Vlan20 does not appear to be a problem, something else is going on that is preventing traffic flow to Vlan40

Issue with multiple fwsm contexts residing on common IP segment.