Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Routing through ASA fails when entering a nameif in a second context

I have an ASA 5520, running 7.0(6), that I have configured for multiple contexts. Each context has a separate outside network, but I intend for them to each be on the same inside subnet.

Interface gi0/2 is connected to the inside subnet, and this interface is allocated to each context. Interface gi0/3.201 is set as VLAN 201 and allocated to one context, and interface gi0/3.202 is set as VLAN 202 and allocated to one other context.

When I configure the first context and direct internal traffic to the IP assigned to gi0/2 in the context as the gateway, everything works perfectly. When I switch to the second context, enter interface configuration mode for gi0/2, and apply a nameif, the connection routed through the first context fails.

More detail:

The first context is routing traffic out from the local network to the Internet. On an internal host, I setup a ping to google.com. When I return to the ASA and enter the nameif for the gi0/2 interface on the second context, the ping stops. If in enter 'no nameif' the ping picks back up.

What am I missing? Or is this possibly a bug fixed in a later software release?

1 REPLY
Silver

Re: Routing through ASA fails when entering a nameif in a second

When using a shared interface they use the same burned-in mac address by default. The router will not be able to route to the ASA because of the invalid arp entries.

2 ways to fix.

Globally setup auto mac-address creation

changeto context system

conf t

mac-address auto

or

go under each shared interface on each context and manually set unique mac

changeto context NAME

conf t

int gi0/2

mac-address H.H.H

Thanks

Chad

Please rate if helpful!

114
Views
0
Helpful
1
Replies
CreatePlease login to create content