Management Interface in Multi-context mode

Nov 5th, 2008

On an ASA5580 using 8.0(4), I want to make sure that each context is able to generate syslogs and traps sent over the management interface. I know that 'logging device-id context-name' will label the log messages with the context name, but is it necessary to allocate the management interface to each context?

Farrukh Haroon Wed, 11/05/2008 - 06:05

Each context has its own IP connectivity except the system context. The system context borrows the IP connectivity from the admin context. Logging is independent in each context.


Regards


Farrukh

pmjordan Wed, 11/05/2008 - 07:22

So you mean yes, it is necessary to allocate the management interface to the contexts other than the system context?


Farrukh Haroon Thu, 11/06/2008 - 01:58

What I mean is that each context is a separate firewall and it has its own logging buffer. If you want to log all, you have to configure logging on each context. You can use any interface to send out this logging information based on your routing; using the management interface is not necessary but better for security (separate out of management zone). This is especially true for syslog as it's clear text. Newer ASA code supports secure logging as well.


Regards


Farrukh

pmjordan Wed, 11/05/2008 - 08:15

So you mean yes, it is necessary to allocate the management interface to the contexts other than the system context?

