Example 8: Active/Active Failover With Asymmetric Routing Support; Prerequisites; Primary Fwsm Configuration (Example 8 - Cisco 7604 Configuration Manual

Appendix B Sample Configurations

Example 8: Active/Active Failover with Asymmetric Routing Support

The following example shows how to configure Active/Active failover. In this example there are three
contexts: Context A (the admin context), Context B, and Context C.
•
•
Figure B-8
Figure B-8
Primary
Failover Group 1
Active
Active Contexts
-Context A
-Context B

Prerequisites

Both units must be in multiple context mode. Use the mode multiple command to switch the primary
and secondary FWSMs to multiple context mode. You must enter the mode multiple command on both
the primary and secondary unit to change modes; the mode multiple command is not replicated to the
secondary unit even in existing Active/Standby failover configurations.
Both FWSMs must be licensed for the same number of security contexts.

Primary FWSM Configuration (Example 8)

The following sections include the configuration for the primary FWSM:
•
•
•
•
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
The failover groups are configured with the preempt command.
The admin context only has one interface.
shows the network diagram for the example.
Active/Active Failover Configuration
VLAN 201
10.0.9.2
10.0.5.1
192.168.1.1
192.168.2.1
System Context Configuration (Primary FWSM—Example 8), page B-28
Context A Configuration (Primary FWSM—Example 8), page B-28
Context B Configuration (Primary FWSM—Example 8), page B-29
Context C Configuration (Primary FWSM—Example 8), page B-29
Internet
Trunk:
VLANs 10 and 11
Context C
VLAN 6
Context B
VLAN 5
Context A
VLAN 4
Failover Example Configurations
VLAN 202
10.0.9.1
10.0.5.2
192.168.1.2
Secondary
192.168.2.2
Failover Group 2
Active
Active Contexts
-Context C
B-27