Sample Configurations
This appendix illustrates and describes a number of common ways to implement FWSM, and includes
the following sections:
•
•
•
Routed Mode Sample Configurations
This section includes the following topics:
•
•
•
•
Example 1: Multiple Mode Firewall with Outside Access
The following configuration creates three security contexts plus the admin context, each with an inside
and an outside interface. The Customer C context includes a DMZ interface where a Websense server
for HTTP filtering resides on the service provider premises (see
Inside hosts can access the Internet through the outside interface using dynamic NAT or PAT, but no
outside hosts can access the inside.
The Customer A context has a second network behind an inside router.
The admin context allows SSH sessions to FWSM from one host.
Each customer context belongs to a class that limits its resources (gold, silver, or bronze).
Although inside IP addresses can be the same across contexts when the interfaces are unique, keeping
them unique is easier to manage.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Routed Mode Sample Configurations, page B-1
Transparent Mode Sample Configurations, page B-14
Failover Example Configurations, page B-18
Example 1: Multiple Mode Firewall with Outside Access, page B-1
Example 2: Single Mode Firewall Using Same Security Level Example, page B-6
Example 3: Shared Resources for Multiple Contexts Example, page B-8
Example 4: IPv6 Configuration Example, page B-13
A P P E N D I X
Figure
B-1).
B
B-1