04-13-2010 02:06 AM - edited 03-11-2019 10:32 AM
Hi,
I have an ASA5520 with 3 contexts; one is the default route for the two other contexts. To interconnect them, I created a VLAN interface in the system context that is shared with the 3 contexts. I can see the interface in each context. I can ping the IP addresses of each interface in this VLAN from each context. The default route on the two slave contexts goes to the IP address of the main context. The return route for the slave context is known from the main context.
I tried to check traffic from a slave context to the main context. I can see in the monitoring that traffic is going to the egress interconnected interface of one slave context, but I have nothing in the monitoring on the ingress interface of the main context. I checked my security levels and the traffic allowed on the less secure network; everything seems to be correct.
On my test, I only tried to install DNS from the slave context to the DNS forwarder on the main context, so I use TELNET "TO IP ADDRESS IN MAIN CONTEXT" 53
Can you give me some help?
Thanks
04-13-2010 02:28 AM
What you are trying to achieve is called cascading contexts, and the requirement is to have a unique MAC address for each context interface.
Here is the URL for your reference:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1146927
Here is how to automatically assign MAC addresses to each context interface:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1147763
Hope that helps.
04-13-2010 04:30 AM
Many thanks halijenn
Great!! I used the command: mac-address auto prefix "my prefix"
I lost the connection because of the new MAC addresses generated.
I cleared the ARP tables on each context and everything can now communicate.
Many thanks to you and to this community