ASA contexts interconnected

Answered Question
Apr 13th, 2010

Hi,

I have an ASA5520 with 3 contexts; one is the default route for the two other contexts. To interconnect them, I created a VLAN interface in the system context that is shared with the 3 contexts. I can see the interface in each context. I can ping the IP addresses of each interface in this VLAN from each context. The default route on the two slave contexts goes to the IP address of the main context. The return route for the slave context is known from the main context.

I tried to check traffic from slave context to main context. I can see in the monitoring that traffic is going to the egress interconnected interface of one slave context, but I have nothing in the monitoring on the ingress interface of the main context. I checked my security level and traffic allowed on less secure network; everything seems to be correct.

In my test, I only tried to install DNS from slave context to DNS forwarder on the main context, so I use TELNET "TO IP ADDRESS IN MAIN CONTEXT" 53.

Could you give me some help?

Thanks

Correct Answer
Jennifer Halim Tue, 04/13/2010 - 02:28

What you are trying to achieve is called cascading contexts, and the requirement is to have a unique MAC address for each context interface.

Here is the URL for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1146927

Here is how to automatically assign MAC addresses to each context interface:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1147763

Hope that helps.

yann.boulet Tue, 04/13/2010 - 04:30

Many thanks halijenn

Great!! I use the command: mac-address auto prefix "my prefix"

I lost the connection because of the new MAC addresses generated.

I cleared the ARP tables on each context and everything can now communicate.

Many thanks to you and to this community
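The fix discussed in this thread, written out as an added example that is not part of the original posts: one shared VLAN subinterface allocated to all three contexts, automatic MAC assignment enabled in the system execution space, then a per-context check and ARP flush. The interface number, VLAN ID, context names, config file names, the nameif "interco" and the prefix value 1 are all assumptions made for illustration.

```cisco
! Constructed example. Every name and number below is an assumption.
!
! --- System execution space ---
! Shared subinterface that interconnects the contexts.
interface GigabitEthernet0/1.100
 vlan 100
!
! Generate a distinct MAC address for every context interface.
! On a shared interface the classifier picks the destination context
! by destination MAC address, so cascading contexts need unique MACs.
mac-address auto prefix 1
!
context main
 allocate-interface GigabitEthernet0/1.100
 config-url disk0:/main.cfg
!
context slave1
 allocate-interface GigabitEthernet0/1.100
 config-url disk0:/slave1.cfg
!
context slave2
 allocate-interface GigabitEthernet0/1.100
 config-url disk0:/slave2.cfg
!
! --- Inside each context (repeat for main, slave1, slave2) ---
changeto context main
!
! Confirm the MAC address shown here differs from the other contexts.
show interface interco
!
! Neighbours still hold the old MAC after the change. Flush the cache
! here and on adjacent devices, as the connection loss above shows.
clear arp
!
changeto system
```

Enabling automatic MAC assignment changes the MAC address of every context interface at once, so plan it for a maintenance window and expect neighbouring devices to need their ARP entries refreshed as well.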
