Management Interface in Multi-context mode

Unanswered Question
Nov 5th, 2008

On an ASA5580 using 8.0(4). I want to make sure that each context is able to generate syslogs and traps sent over the management interface. I know that 'logging device-id context-name' will label the log messages with the context name but is it necessary to allocate the management interface to each context?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Wed, 11/05/2008 - 06:05

Each context has its own IP connectivity except the system context. The system context borrows the IP connectivity from the admin context. Logging in independent in each context.

Regards

Farrukh

pmjordan Wed, 11/05/2008 - 07:22

So you mean yes, it is necessary to allocate the management interface to the contexts other than the system context?

Farrukh Haroon Thu, 11/06/2008 - 01:58

What I mean is that each context is a separate firewall and it has its own logging buffer. If you want to log all you have to configure logging on each context. You can use any interface to send out this logging information based on your routing, using the mangement interface is not necessary but better for security (separate out of management zone). This is specially true for syslog as its clear text. Newer ASA code supports secure logging as well.

Regards

Farrukh

pmjordan Wed, 11/05/2008 - 08:15

So you mean yes, it is necessary to allocate the management interface to the contexts other than the system context?

Actions

This Discussion