ASA contexts interconnected

yann.boulet
Level 1

Hi,

I have an ASA5520 with 3 contexts; one is the default route for the two other contexts. To interconnect them, I created a VLAN interface in the system context that is shared with the 3 contexts. I can see the interface in each context. I can ping the IP addresses of each interface in this VLAN from each context. The default route on the two slave contexts goes to the IP address of the main context. The return route for the slave context is known from the main context.

I tried to check traffic from slave context to main context. I can see in the monitoring that traffic is going to the egress interconnected interface of one slave context, but I have nothing in the monitoring on the ingress interface of the main context. I checked my security level and traffic allowed on less secure network; everything seems to be correct.

On my test, I only tried to install DNS from slave context to DNS forwarder on the main context, so I use TELNET "TO IP ADDRESS IN MAIN CONTEXT" 53

If you can give me some help?

Thanks

Accepted Solutions

Jennifer Halim
Cisco Employee

What you are trying to achieve is called cascading contexts, and the requirement is to have a unique MAC address for each context interface.

Here is the URL for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1146927

Here is how to automatically assign MAC addresses to each context interface:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1147763

Hope that helps.

Many thanks halijenn

Great!! I use the command: mac-address auto prefix "my prefix"

I lost the connection because of the new MAC address generated.

I cleared the ARP tables on each context and everything can now communicate.

Many thanks to you and to this community
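
The behaviour seen in this thread, as an added example that is not part of the original posts or Cisco's code: a simplified Python model of packet classification on a shared interface. It assumes the ASA classifies on the destination MAC when that MAC is unique to one context and otherwise falls back to the destination IP (interface addresses and NAT-owned addresses); every context name, IP and MAC in it is constructed.

```python
# Added example: simplified model of the ASA classifier on a shared interface.
# All names, IPs and MACs below are constructed for illustration.
from dataclasses import dataclass, field

BURNED_IN = "0000.aaaa.0001"   # physical MAC that every context inherits by default

@dataclass
class Context:
    name: str
    ip: str                                        # address on the shared VLAN
    mac: str = BURNED_IN
    nat_globals: set = field(default_factory=set)  # addresses owned through NAT

def classify(contexts, dst_mac, dst_ip):
    """Return the context that receives the frame, or None if it is dropped."""
    owners = [c for c in contexts if c.mac == dst_mac]
    if len(owners) <= 1:             # unique MAC decides; unknown MAC reaches no one
        return owners[0].name if owners else None
    for c in owners:                 # MAC is ambiguous: fall back to destination IP
        if dst_ip == c.ip or dst_ip in c.nat_globals:
            return c.name            # to-the-box traffic or a NAT-owned address
    return None                      # routed traffic that no context claims

def send(arp_cache, contexts, next_hop_ip, dst_ip):
    """The sender takes the next hop's MAC from its ARP cache, then the ASA classifies."""
    return classify(contexts, arp_cache[next_hop_ip], dst_ip)

def scenario():
    main = Context("main", "10.0.0.1")
    ctxs = [main, Context("slaveA", "10.0.0.2"), Context("slaveB", "10.0.0.3")]
    arp = {main.ip: main.mac}        # slaveA's ARP entry for its default gateway
    dns = "192.0.2.53"               # server reached through the main context
    out = {"ping_gateway_shared_mac": send(arp, ctxs, main.ip, main.ip),
           "dns_shared_mac": send(arp, ctxs, main.ip, dns)}
    for i, c in enumerate(ctxs, 1):  # effect of `mac-address auto`: one MAC each
        c.mac = f"0200.0000.000{i}"
    out["dns_stale_arp"] = send(arp, ctxs, main.ip, dns)
    arp[main.ip] = main.mac          # ARP cleared, gateway MAC learned again
    out["dns_fresh_arp"] = send(arp, ctxs, main.ip, dns)
    return out

if __name__ == "__main__":
    for case, ctx in scenario().items():
        print(f"{case:26} -> {ctx or 'dropped'}")
```

The four cases line up with the thread: interface pings work with a shared MAC, routed DNS traffic is dropped, it stays dropped while the sender still holds the old MAC in ARP, and it reaches the main context once ARP is cleared.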
