Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Outside interface on Multiple context ASA

Hi Everyone,

Need to confirm below

If we have ASA in multi context mode and it has only single interface say gi2 that is shared between 2 contexts and its subinterfaces have different

IP address then we can confirm that this is the outside interface of the ASA as a whole?

Regards

Mahesh

2 ACCEPTED SOLUTIONS

Accepted Solutions
Super Bronze

Outside interface on Multiple context ASA

Hi,

If the ASA only is connected through the physical interface Gi0/2 to the next device and its divided into subinterfaces then it would seem that one of those interfaces is used for outside connectivity.

Judging by what you say the ASA has a single Trunk link to some neighbor device and subinterfaces are used to handle "inside" , "dmz" , "outside" and all other kinds of interfaces for the actual Security Contexts.

Without seeing any configurations I dont know if there is anything else that can be said of the setup.

- Jouni

Super Bronze

Outside interface on Multiple context ASA

Hi,

Well it depends.

I think by default the ASA is set to have same MAC address for each subinterface of a single physical interface.

To my understanding this is changed by setting the "mac-address auto" in the System Context configuration after which the ASA generates MAC addresses for the interfaces. The default setting is, as I said, "no mac-address auto".

Or you can even set the interfaces MAC address under the interface configuration mode.

Here is a link to a command reference which explains the command use

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2043127

- Jouni

4 REPLIES
Super Bronze

Outside interface on Multiple context ASA

Hi,

If the ASA only is connected through the physical interface Gi0/2 to the next device and its divided into subinterfaces then it would seem that one of those interfaces is used for outside connectivity.

Judging by what you say the ASA has a single Trunk link to some neighbor device and subinterfaces are used to handle "inside" , "dmz" , "outside" and all other kinds of interfaces for the actual Security Contexts.

Without seeing any configurations I dont know if there is anything else that can be said of the setup.

- Jouni

New Member

Outside interface on Multiple context ASA

Hi Jouni,

For current setup seems gi0/2 is outside int of ASA.

Also the shared interface which is Gi0/2  has different mac address for each context i mean to say

context admin

int gi0/2.3  has say mac of 1234

context x 

int gi0/2.5  has say mac of 6789

So this is default behaviour?

Regards

MAhesh

Super Bronze

Outside interface on Multiple context ASA

Hi,

Well it depends.

I think by default the ASA is set to have same MAC address for each subinterface of a single physical interface.

To my understanding this is changed by setting the "mac-address auto" in the System Context configuration after which the ASA generates MAC addresses for the interfaces. The default setting is, as I said, "no mac-address auto".

Or you can even set the interfaces MAC address under the interface configuration mode.

Here is a link to a command reference which explains the command use

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2043127

- Jouni

New Member

Outside interface on Multiple context ASA

Hi Jouni,

Many thanks

Best reagrds

Mahesh

171
Views
0
Helpful
4
Replies
CreatePlease to create content