
Routing through ASA fails when entering a nameif in a second context

dblack
Level 1

I have an ASA 5520, running 7.0(6), that I have configured for multiple contexts. Each context has a separate outside network, but I intend for them to each be on the same inside subnet.

Interface gi0/2 is connected to the inside subnet, and this interface is allocated to each context. Interface gi0/3.201 is set as VLAN 201 and allocated to one context, and interface gi0/3.202 is set as VLAN 202 and allocated to one other context.

When I configure the first context and direct internal traffic to the IP assigned to gi0/2 in the context as the gateway, everything works perfectly. When I switch to the second context, enter interface configuration mode for gi0/2, and apply a nameif, the connection routed through the first context fails.

More detail:

The first context is routing traffic out from the local network to the Internet. On an internal host, I set up a ping to google.com. When I return to the ASA and enter the nameif for the gi0/2 interface on the second context, the ping stops. If I enter 'no nameif' the ping picks back up.

What am I missing? Or is this possibly a bug fixed in a later software release?

1 Reply

cpembleton
Level 4

When using a shared interface they use the same burned-in MAC address by default. The router will not be able to route to the ASA because of the invalid ARP entries.

2 ways to fix.

Globally set up auto mac-address creation

changeto system

conf t

mac-address auto

or

go under each shared interface on each context and manually set a unique MAC

changeto context NAME

conf t

int gi0/2

mac-address H.H.H

Thanks

Chad

Please rate if helpful!
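One way to confirm the condition described in the reply from an inside host or the adjacent router, as an added example that is not part of the original thread: the script groups neighbor-table entries by MAC address and reports any MAC that answers for more than one IP. The sample table and its addresses are constructed, and the parser accepts both the colon format and the Cisco H.H.H format.

```python
import re
from collections import defaultdict

# Constructed sample: neighbor table lines in two common layouts. The three
# 10.1.1.1-3 entries stand in for context interfaces sharing one physical port.
SAMPLE_ARP = """\
? (10.1.1.1) at 00:1a:2b:3c:4d:5e [ether] on eth0
? (10.1.1.2) at 00:1a:2b:3c:4d:5e [ether] on eth0
? (10.1.1.50) at 00:50:56:aa:bb:cc [ether] on eth0
Internet  10.1.1.3   12   001a.2b3c.4d5e  ARPA  Vlan10
? (10.1.1.60) at <incomplete> on eth0
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# Either aa:bb:cc:dd:ee:ff / aa-bb-cc-dd-ee-ff or the dotted aaaa.bbbb.cccc form.
MAC_RE = re.compile(
    r"\b(?:[0-9a-f]{2}([:-]))(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}\b"
    r"|\b[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}\b",
    re.I,
)


def normalize_mac(mac):
    """Return a MAC in lowercase colon-separated form, whatever the input style."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def shared_macs(arp_text):
    """Map each MAC seen behind more than one IP to the sorted list of those IPs."""
    by_mac = defaultdict(set)
    for line in arp_text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:  # incomplete entries and header lines carry no MAC
            by_mac[normalize_mac(mac.group(0))].add(ip.group(1))
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    for mac, ips in shared_macs(SAMPLE_ARP).items():
        print(f"{mac} answers for {', '.join(ips)}")
```

A device with several addresses on one interface also shows up here, so a hit is a prompt to check the shared interface rather than proof. After either fix from the reply, each context address should map to its own MAC.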
