Sharing Interfaces Between Contexts - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Chapter 4
Configuring Security Contexts
Security Context Overview
Figure 4-3
shows a transparent firewall with a host on the Context B inside network accessing the
Internet. The classifier assigns the packet to Context B because the ingress interface is VLAN 300,
which is assigned to Context B.
Figure 4-3
Transparent Firewall Contexts
Internet
Classifier
VLAN 200
VLAN 100
VLAN 300
Admin
Context A
Context B
Context
FWSM
FWSM
FWSM
VLAN 150
VLAN 250
VLAN 350
Inside
Admin
Inside
Customer B
Network
Customer A
Host
Host
Host
10.1.1.13
10.1.2.13
10.1.3.13
Sharing Interfaces Between Contexts
The FWSM lets you share an interface between contexts. For transparent mode, you can only share a
management-only VLAN; all through-traffic interfaces must be unique. For management traffic destined
for an interface, the interface IP address is used for classification. For non-management-only VLANs in
routed mode, packet classification requirements might make sharing interfaces impractical. Because the
classifier relies on active NAT sessions to classify the destination addresses to a context, the classifier is
limited by how you can configure NAT. If you do not want to perform NAT, you must use unique
interfaces.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
4-7
OL-20748-01
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
