11-06-2008 07:42 PM - edited 03-11-2019 07:09 AM
Hi all, I m facing problem with ASA, here is scenario for the same,
I have 2 cisco ASA 5540 with multiple context.
Configured in active -active failover. My primary admin context is
working without any hassel. But when I tried to connect to outside
interface (secondary firewall)of admin contex it gives me an error
log - "ifc-classify --Virtual firewall classification failed."
From the same device if I connected from 'inside' - I am
able to. But not able to send any outside traffic. (Not able to
connect to gateway IP of outside interface.)
Please help.
Thanks in advance.
Solved! Go to Solution.
11-06-2008 10:56 PM
I would suggest you go thru this link (example 3) - Shared Resources for Multiple Contexts.
This example also has the nat/global config.
http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/examples.html#wp1009684
11-06-2008 10:19 PM
This happens when a packet arrived on a shared interface, but failed to classify to any specific context interface.
Use the global or static command to specify the IPv4 addresses that belong to each context interface.
11-06-2008 10:33 PM
Sorry, But I get this option. But dont know how configure global or static command.
Please, please help!
11-06-2008 10:56 PM
I would suggest you go thru this link (example 3) - Shared Resources for Multiple Contexts.
This example also has the nat/global config.
http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/examples.html#wp1009684
11-07-2008 01:14 AM
Still Unfortunate--
I tried to put static and global commands but no result.
11-07-2008 10:09 AM
could you share the sanitized config.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: