ASA 8.2(1) Routing between contexts

seba
Level 1

Hello

I have an ASA with two contexts which share two interfaces (see attached graphic). Both contexts run on the same 5540.

I want to ssh Context B firewall from the Intranet, but it doesn't work.

IP Routers are ok.

I have configured access-lists on Context A, and they're matched.

A capture shows that traffic gets to the inside interface of Context A, but it doesn't show anything on the interface shared with Context B.

I can ping from Context A to Context B, but Context B's MAC address is not shown in Context A (nor the other way around).

From the 192.168.5.0/0 network I can see both contexts' MACs and ssh to both of them.

If both contexts run on the same hardware, how is traffic routed between contexts? Is there a kind of virtual interface?

capture captura type raw-data access-list captura interface redfw1 [Capturing - 656 bytes]
capture captura2 type raw-data access-list captura interface inside1 [Capturing - 0 bytes]

show capture captura

   1: 10:05:52.500889 802.1Q vlan#207 P0 10.240.1.1.1546 > 192.168.5.252.22: S 3701265995:3701265995(0) win 65535 <mss 1380,nop,nop,sackOK>
   2: 10:05:55.447944 802.1Q vlan#207 P0 10.240.1.1.1546 > 192.168.5.252.22: S 3701265995:3701265995(0) win 65535 <mss 1380,nop,nop,sackOK>
   3: 10:06:01.463568 802.1Q vlan#207 P0 10.240.1.1.1546 > 192.168.5.252.22: S 3701265995:3701265995(0) win 65535 <mss 1380,nop,nop,sackOK>
   4: 10:06:13.495152 802.1Q vlan#207 P0 10.240.1.1.1546 > 192.168.5.252.22: S 2126103373:2126103373(0) win 65535 <mss 1380,nop,nop,sackOK>
   5: 10:07:11.963176 802.1Q vlan#207 P0 10.240.1.1.1670 > 192.168.5.252.22: S 1470710979:1470710979(0) win 65535 <mss 1380,nop,nop,sackOK>
   6: 10:07:14.931470 802.1Q vlan#207 P0 10.240.1.1.1670 > 192.168.5.252.22: S 1470710979:1470710979(0) win 65535 <mss 1380,nop,nop,sackOK>
   7: 10:07:20.947109 802.1Q vlan#207 P0 10.240.1.1.1670 > 192.168.5.252.22: S 1470710979:1470710979(0) win 65535 <mss 1380,nop,nop,sackOK>
   8: 10:07:32.979334 802.1Q vlan#207 P0 10.240.1.1.1670 > 192.168.5.252.22: S 149075897:149075897(0) win 65535 <mss 1380,nop,nop,sackOK>

show capture captura2

0 packet captured

0 packet shown

THANK YOU IN ADVANCE

1 Reply

seba
Level 1

It works. It was a matter of statics.
