multiple mode for ASA5520 v7.2

Unanswered Question
Dec 18th, 2006
User Badges:

Could anyone advice me:

I have two contents and they both use interface G0/1 as outside interface; can I configure it on same subnet?


for example:

on contents admin:

interface g 0/1

nameif outside

security-level 0

ip address 10.1.1.10 255.255.255.0 standby 10.1.1.2


on contents admin2

interface g 0/1

nameif outside

security-level 0

ip address 10.1.1.100 255.255.255.0 standby 10.1.1.102


Any comments will be appreciated


Thanks in advance



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
spremkumar Mon, 12/18/2006 - 23:02
User Badges:
  • Red, 2250 points or more

Hi


I dont think you will be able to configure the same ip address on both the interfaces..


regds


julxu Tue, 12/19/2006 - 14:15
User Badges:

not same ip address, different ip address, but same subnet.


I am trying to configure virtual firewall (with load balancing) using two css11506s.


so, I would like to know if the outside interface for both contents (with active/active) can be same subnet.


I have got impress that they have to be diferent subnet. But, when I do configuration, I can put them on two different ip addresses but same subnet.


Could I get confirm:

if I can using same subnet on outside interface for two contents?


Any Regards


Fernando_Meza Tue, 12/19/2006 - 15:33
User Badges:
  • Gold, 750 points or more

HI .. from teh CCSP book it reads ..


The Security Appliance allows interfaces to be shared between contexts. This is allowed only

with adherence to the following guidelines:

■ The Security Appliance must be in routed mode.

■ The shared interface must have either a unique IP address for each context or a unique

VLAN for each context that will be using it.


So in your situation is it OK however you need to carefully planing NAT as this will tell the ASA which context to send the incoming packets.


I hope it helps .. please rate it if it does !!!







Actions

This Discussion