Individual Admin Contexts on Active/Active pair...
Customer is building a management network within the overall data network.
Customer has a pair of ASA's doing Active/Active multi-context with IPS modules. These ASA's are located in two different data centers served by two different service providers.
Customer wants to establish a third new device management Admin context to exist in their L3 device mgmt VRF, but exist along side the existing production data contexts.
Question: in this above configuration, is there any requirement for Admin contexts to be configured in a failover arrangement on the pair of ASA's doing Active/Active for the other contexts, such that they require the same L2 connectivity between the firewalls for a given context?
Or, can the Admin context(s) on each firewall exist independently using unique IP addresses...
(This approach would require no additional L2 span between the data centers where each physical ASA is located, and would allow each firewall to be individually accessed through it's won unique IP address, i.e. the FW's, from an admin perspective, would exist on two different VLANs)?
Re: Individual Admin Contexts on Active/Active pair...
Thanks - that is how I interpreted this line as well. Any admin context (and you only get one per firewall, would appear in the same failover group, so, 1) they would be failover partners of one another and 2) the ASA would view Any L3 addressing for the context as being required to be within the same VLAN.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :