Chapter 5
Managing Security Contexts
For transparent firewalls, interfaces do not have IP addresses, so you must use unique VLANs (see
Figure
Figure 5-3
Switch
Admin
Context
IP Routing Support
Security contexts support only static routes. You cannot enable OSPF or RIP in multiple context mode.
Sharing Resources and Interfaces Between Contexts
The FWSM allows you to share an interface between contexts. Typically in routed mode, you share the
outside interface to conserve VLANs. You can also share inside VLANs to share resources between
contexts, or you can place the shared resource on a single context and provide access to that resource to
other contexts.
This section includes the following topics:
•
•
OL-6392-01
5-3):
Transparent Firewall Contexts
VLAN 151
VLAN 150
Context A
VLAN 201
Admin
Inside
Network
Customer A
Sharing Resources, page 5-6
Shared Interface Limitations, page 5-7
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
Internet
VLAN 100
VLAN 152
Context B
VLAN 202
VLAN 203
Inside
Customer B
Security Context Overview
VLAN 153
Context C
Same subnet on
inside and outside
VLANs
VLAN 204
Inside
Customer C
5-5