Cisco Support Community
New Member

ASA active active design

Hi

I configured the ASAs in active/active mode. I created 10 contexts on the primary ASA. 5 contexts are in group1 on ASA1 and 5 contexts are in group2 on ASA2.

The problem is assigning IP addresses to the outside interfaces of the contexts.

I use int gi0/0 and gi0/1 for the outside interfaces. 5 contexts are on gi0/0 and 5 contexts are on the gi0/1 interface.

gi0/2-gi0/6 are for the inside interfaces.

I created subinterfaces on the inside interfaces and assigned different VLANs. Different contexts are given different subnets. That is OK.

The issue is:

I want to use the same subnet but different IPs for the outside interfaces of the contexts. Is it possible? I configured the EIGRP protocol in the contexts.

Thanks.

2 REPLIES
New Member

ASA active active design

Dears

I found the documentation:

http://www9.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808d2b63.shtml#mul

But this is for version 7.x.

Assign the Same IP Address to the Shared Interfaces in the Multiple Context Mode

Assigning the same IP address to the shared interface is not possible. A shared interface over multiple contexts allows us to simulate virtual firewalls over the same LAN segment. When the same IP address is assigned to the shared interface, for example shared over multiple contexts, it gives an IP address conflict error. The ASA will not allow this configuration because of the ARP issue between the contexts for the same IP address.

The error is shown here for your reference: ERROR: This address conflicts with another address on net.

Here it is written about the same IP address, but I want to configure the same subnet with different IP addresses. Is it possible?

I use version 9.1 on the ASAs.

Super Bronze

ASA active active design

Hi,

There should be no problem using different IP addresses from the same subnet in different Security Contexts.

The networks which you can use in a specific Security Context depend on which physical interface they are using as their external WAN interface. It also naturally depends on how you have connected those interfaces to the L3 device / router in front of the pair of ASAs.

- Jouni
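
As an added example (not part of the original thread and not Cisco code), here is a small Python check of an address plan for contexts that share an outside interface. It accepts different addresses from the same subnet and flags reuse of the same address, which is the case the quoted document says the ASA rejects. The context names, addresses and input layout are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: context -> (allocated outside interface, its "ip address" line).
# Context names and addresses are hypothetical (RFC 5737 documentation range).
CONTEXTS = {
    "ctx1": ("GigabitEthernet0/0", "ip address 192.0.2.11 255.255.255.0 standby 192.0.2.12"),
    "ctx2": ("GigabitEthernet0/0", "ip address 192.0.2.13 255.255.255.0 standby 192.0.2.14"),
    "ctx3": ("GigabitEthernet0/0", "ip address 192.0.2.11 255.255.255.0 standby 192.0.2.16"),
    "ctx6": ("GigabitEthernet0/1", "ip address 192.0.2.21 255.255.255.0 standby 192.0.2.22"),
}

IP_LINE = re.compile(r"^ip address (\S+) (\S+)(?: standby (\S+))?$")


def parse_ip_line(line):
    """Return (network, [active, optional standby]) from an ASA 'ip address' line."""
    m = IP_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not an 'ip address' line: {line!r}")
    active, mask, standby = m.groups()
    iface = ipaddress.ip_interface(f"{active}/{mask}")
    addrs = [iface.ip] + ([ipaddress.ip_address(standby)] if standby else [])
    return iface.network, addrs


def check_shared_interfaces(contexts):
    """Report address reuse and out-of-subnet addresses per physical interface."""
    seen = defaultdict(dict)  # interface -> {address: first context using it}
    problems = []
    for ctx, (phys, line) in sorted(contexts.items()):
        network, addrs = parse_ip_line(line)
        for addr in addrs:
            if addr not in network:
                problems.append(f"{ctx}: {addr} is outside {network}")
            owner = seen[phys].setdefault(addr, ctx)
            if owner != ctx:
                problems.append(f"{ctx}: {addr} on {phys} already used by {owner}")
    return problems


if __name__ == "__main__":
    for problem in check_shared_interfaces(CONTEXTS):
        print(problem)
```

In the sample, ctx1 and ctx2 share a subnet with different addresses and pass; only ctx3, which repeats ctx1's address on the same shared interface, is reported.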
