Customer is building a management network within the overall data network.
Customer has a pair of ASA's doing Active/Active multi-context with IPS modules. These ASA's are located in two different data centers served by two different service providers.
Customer wants to establish a third new device management Admin context to exist in their L3 device mgmt VRF, but exist along side the existing production data contexts.
Question: in this above configuration, is there any requirement for Admin contexts to be configured in a failover arrangement on the pair of ASA's doing Active/Active for the other contexts, such that they require the same L2 connectivity between the firewalls for a given context?
Or, can the Admin context(s) on each firewall exist independently using unique IP addresses...
(This approach would require no additional L2 span between the data centers where each physical ASA is located, and would allow each firewall to be individually accessed through it's won unique IP address, i.e. the FW's, from an admin perspective, would exist on two different VLANs)?