cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
465
Views
0
Helpful
2
Replies

Transparent multiple context... where is the problem...

jquintard
Level 1
Level 1

Hello,

I try to configure an ASA appliance in transparent multiple context mode. My topology is like this :

Router (Gi0/0.101 10.10.10.1)

                      \--- (Eth0/0.101) ASA (Eth0/1.1)

                                                            \--- (Fa0/1 Trunk) Switch (Fa0/2 VLAN 1)

                                                                                                         \--- Host (10.10.10.100)

Some information :

     - Subinterface and VLAN correspond (ex. Eth0/0.101 = VLAN 101, Eth0/1.1 = VLAN 1) 

     - Eth0/0.101 and Eth0/1.1 are VLAN allocated to my admin context

     - Admin context use 10.10.10.2 as IP address

     - All interfaces are up !

I can ping 10.10.10.2 from 10.10.10.1 but I can't ping 10.10.10.100 from 10.10.10.2 or 10.10.10.1.

Do you see a problem in my topology ?

Jerome

2 Replies 2

wromsait
Level 1
Level 1

Hello Jerome,

I suspect the issue is between the ASA Eth0/1.1 and your Switch Fa0/1 trunk.  On the switch, usually by default vlan 1 is the native vlan and this vlan is not tagged on the switch side.  However, your traffic on the ASA side will be tagged with the dot1q header.   Can you try configuring the ip on the main interface of the ASA Eth0/1 instead of Eth0/1.1 and see if this makes a difference ?  Or use a different vlan other than 1 between the Eth0/1.1 and the Fa0/1 on the trunk.

Hope this helps.

Hello,

An easier alternative is to change the native VLAN on the switch. Since ASA anyways does not understand the native VLAN concept, it should not matter.

Regards,

NT

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: