Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2131
Views
0
Helpful
1
Replies

ASA 8.2(1) Routing between contexts

seba
Level 1
Level 1

‎02-05-2010 01:49 AM - edited ‎03-11-2019 10:05 AM

Hello

I have an ASA with to contexts which share two interfaces (see attached graphic). Both contexts run on the same 5540

I want to ssh Context B firewall from the Intranet, but it doesn't work.

IP Routers are ok.

I have configured access-lists on Context A, an they're matched.

A Capture shows that traffic gets to the inside interface of Context A, but it doen't show anything on the interface shared with context B.

I can ping from context A to Context B but Context B MAC address is not shown in Context A (neither on the other way).

From 192.168.5.0/0 netwok I can see both context's MACs an ssh both of them

If both contexts run on the same hardware. How is traffic routed between contexts? Is there a kind of virtual interface??

capture captura type raw-data access-list captura interface redfw1 [Capturing - 656 bytes]
capture captura2 type raw-data access-list captura interface inside1 [Capturing - 0 bytes]

show capture captura

   1: 10:05:52.500889 802.1Q vlan#207 P0 10.240.1.1.1546 > 192.168.5.252.22: S 3701265995:3701265995(0) win 65535 <mss 1380,nop,nop,sackOK>
   2: 10:05:55.447944 802.1Q vlan#207 P0 10.240.1.1.1546 > 192.168.5.252.22: S 3701265995:3701265995(0) win 65535 <mss 1380,nop,nop,sackOK>
   3: 10:06:01.463568 802.1Q vlan#207 P0 10.240.1.1.1546 > 192.168.5.252.22: S 3701265995:3701265995(0) win 65535 <mss 1380,nop,nop,sackOK>
   4: 10:06:13.495152 802.1Q vlan#207 P0 10.240.1.1.1546 > 192.168.5.252.22: S 2126103373:2126103373(0) win 65535 <mss 1380,nop,nop,sackOK>
   5: 10:07:11.963176 802.1Q vlan#207 P0 10.240.1.1.1670 > 192.168.5.252.22: S 1470710979:1470710979(0) win 65535 <mss 1380,nop,nop,sackOK>
   6: 10:07:14.931470 802.1Q vlan#207 P0 10.240.1.1.1670 > 192.168.5.252.22: S 1470710979:1470710979(0) win 65535 <mss 1380,nop,nop,sackOK>
   7: 10:07:20.947109 802.1Q vlan#207 P0 10.240.1.1.1670 > 192.168.5.252.22: S 1470710979:1470710979(0) win 65535 <mss 1380,nop,nop,sackOK>
   8: 10:07:32.979334 802.1Q vlan#207 P0 10.240.1.1.1670 > 192.168.5.252.22: S 149075897:149075897(0) win 65535 <mss 1380,nop,nop,sackOK>

show capture captura2

0 packet captured

0 packet shown

THANK YOU IN ADVANCE

Labels:
Preview file
26 KB
0 Helpful
1 Reply 1

seba
Level 1
Level 1

‎02-05-2010 05:55 AM

It works. It was a matter of statics

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card