
Routing through ASA fails when entering a nameif in a second context

dblack
Level 1

I have an ASA 5520, running 7.0(6), that I have configured for multiple contexts. Each context has a separate outside network, but I intend for them to each be on the same inside subnet.

Interface gi0/2 is connected to the inside subnet, and this interface is allocated to each context. Interface gi0/3.201 is set as VLAN 201 and allocated to one context, and interface gi0/3.202 is set as VLAN 202 and allocated to one other context.

When I configure the first context and direct internal traffic to the IP assigned to gi0/2 in the context as the gateway, everything works perfectly. When I switch to the second context, enter interface configuration mode for gi0/2, and apply a nameif, the connection routed through the first context fails.

More detail:

The first context is routing traffic out from the local network to the Internet. On an internal host, I set up a ping to google.com. When I return to the ASA and enter the nameif for the gi0/2 interface on the second context, the ping stops. If I enter 'no nameif', the ping picks back up.

What am I missing? Or is this possibly a bug fixed in a later software release?

1 Reply

cpembleton
Level 4

When using a shared interface, the contexts use the same burned-in MAC address by default. The router will not be able to route to the ASA because of the invalid ARP entries.

2 ways to fix.

Globally set up auto MAC address creation

changeto context system

conf t

mac-address auto

or

Go under each shared interface on each context and manually set a unique MAC

changeto context NAME

conf t

int gi0/2

mac-address H.H.H

Thanks

Chad

Please rate if helpful!
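The check below is an added example, not part of the original thread: it reads a saved system configuration and per-context configurations and reports every interface that is allocated to more than one context while still sharing a MAC address, which is the condition the reply describes. The context names ctxA and ctxB, the sample configurations, and the absence of mapped interface names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample configs (not from the thread); ctxA/ctxB are hypothetical names.
SYSTEM_CFG = """\
context ctxA
  allocate-interface GigabitEthernet0/2
  allocate-interface GigabitEthernet0/3.201
context ctxB
  allocate-interface GigabitEthernet0/2
  allocate-interface GigabitEthernet0/3.202
"""
CONTEXT_CFGS = {
    "ctxA": "interface GigabitEthernet0/2\n nameif inside\n",
    "ctxB": "interface GigabitEthernet0/2\n nameif inside\n",
}

def shared_interfaces(system_cfg):
    """Map each interface allocated to more than one context to those contexts."""
    owners, ctx = defaultdict(list), None
    for line in system_cfg.splitlines():
        if m := re.match(r"context\s+(\S+)", line):
            ctx = m.group(1)
        elif ctx and (m := re.match(r"\s+allocate-interface\s+(\S+)", line)):
            owners[m.group(1)].append(ctx)
    return {intf: ctxs for intf, ctxs in owners.items() if len(ctxs) > 1}

def manual_macs(context_cfg):
    """Return {interface: mac} for interfaces carrying a manual mac-address line."""
    macs, intf = {}, None
    for line in context_cfg.splitlines():
        if m := re.match(r"interface\s+(\S+)", line):
            intf = m.group(1)
        elif not line.startswith(" "):
            intf = None  # left the interface block
        elif intf and (m := re.match(r"\s+mac-address\s+([0-9a-fA-F.]+)", line)):
            macs[intf] = m.group(1).lower()
    return macs

def mac_conflicts(system_cfg, context_cfgs):
    """List (interface, contexts) groups that would answer ARP with the same MAC."""
    if re.search(r"^mac-address auto\b", system_cfg, re.M):
        return []  # automatic assignment is enabled in the system configuration
    findings = []
    for intf, ctxs in shared_interfaces(system_cfg).items():
        by_mac = defaultdict(list)
        for c in ctxs:  # key None = burned-in MAC, identical in every context
            by_mac[manual_macs(context_cfgs.get(c, "")).get(intf)].append(c)
        findings += [(intf, sorted(g)) for g in by_mac.values() if len(g) > 1]
    return findings
```

On the sample data, `mac_conflicts(SYSTEM_CFG, CONTEXT_CFGS)` flags GigabitEthernet0/2 for both contexts; the finding clears once either fix from the reply is present in the configurations.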
