Filtering traffic from Multiple VLANs in a single Virtual

From: Akhtar Rasool (akhtar.samo@gmail.com)
Date: Mon Feb 11 2008 - 13:19:50 ARST


Hi all,

Can we use a single Virtual Context for filtering traffic from multiple
VLANs? It should be possible somehow, because we have a license for only 20
or 22 Virtual Contexts and lots of customer VLANs.

I tried to make a 2nd SVI (int Vlan56) an internal interface, but it's not
working. Do help me out so that this context (Companyxyz-Internal)
filters traffic for multiple VLANs.

FWSM Firewall Version 3.2(2)

CFWSM-FW# sh run

interface Vlan30
 description CUSTOMER-1
!
interface Vlan50
 description External

interface Vlan56
 description CUSTOMER-2

admin-context Companyxyz-Internal
context Companyxyz-Internal
  description admin-context Companyxyz-Internal
  allocate-interface Vlan30
  allocate-interface Vlan56
  allocate-interface Vlan50
  config-url disk:/Companyxyz-Internal
  join-failover-group 1

CFWSM-FW# changeto context Companyxyz-Internal
CFWSM-FW/Companyxyz-Internal#sh run

interface Vlan30
 nameif inside
 security-level 100
 ip address 172.16.33.1 255.255.255.0 standby 172.16.33.2
!
interface Vlan50
 nameif outside
 security-level 0
 ip address 172.16.66.4 255.255.255.248 standby 172.16.66.5

interface Vlan56
 no nameif
 no security-level
 no ip address

CFWSM-FW/Companyxyz-Internal(config)# int vlan 56
**** WARNING ****
Configuration Replication is NOT performed from Standby unit to Active unit.
        Configurations are no longer synchronized.
CFWSM-FW/Companyxyz-Internal(config-if)# nameif inside
WARNING: VLAN 56 is not configured.
ERROR: Name "inside" has been assigned to interface Vlan51
CFWSM-FW/Companyxyz-Internal(config-if)#

Regards,

Akhtar



This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:48 ARST