Transparent multiple context... where is the problem...

Unanswered Question


I try to configure an ASA appliance in transparent multiple context mode. My topology is like this :

Router (Gi0/0.101

                      \--- (Eth0/0.101) ASA (Eth0/1.1)

                                                            \--- (Fa0/1 Trunk) Switch (Fa0/2 VLAN 1)

                                                                                                         \--- Host (

Some information :

     - Subinterface and VLAN correspond (ex. Eth0/0.101 = VLAN 101, Eth0/1.1 = VLAN 1) 

     - Eth0/0.101 and Eth0/1.1 are VLAN allocated to my admin context

     - Admin context use as IP address

     - All interfaces are up !

I can ping from but I can't ping from or

Do you see a problem in my topology ?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
wromsait Wed, 09/29/2010 - 18:15
User Badges:

Hello Jerome,

I suspect the issue is between the ASA Eth0/1.1 and your Switch Fa0/1 trunk.  On the switch, usually by default vlan 1 is the native vlan and this vlan is not tagged on the switch side.  However, your traffic on the ASA side will be tagged with the dot1q header.   Can you try configuring the ip on the main interface of the ASA Eth0/1 instead of Eth0/1.1 and see if this makes a difference ?  Or use a different vlan other than 1 between the Eth0/1.1 and the Fa0/1 on the trunk.

Hope this helps.

Nagaraja Thanthry Wed, 09/29/2010 - 18:58
User Badges:
  • Cisco Employee,


An easier alternative is to change the native VLAN on the switch. Since ASA anyways does not understand the native VLAN concept, it should not matter.




This Discussion