I have an FWSM on a 6509 and want to create two contexts sharing interfaces. I am able to do this for the "Outside" interface, for which inside-to-outside static NAT exists. But if I create a second context for the "Management" interface, connectivity from the server in the management interface to other interfaces in the first context is lost.
I have also tried Global and Static NAT for inside to Management in the second context, but it is not working.
Does anybody have any idea what may be the cause of this problem?
The link at the bottom of my post might be useful. It explains the logic used by the FWSM when multiple contexts share the same interface. Basically, the FWSM looks at the destination and checks for a NAT. If there isn't one, it doesn't know what to do with the packet.
In your case, if your management network has to get to the Internet, you would have a problem. Say server 220.127.116.11 sent a packet to context 1 destined for 18.104.22.168 on the internet. The FWSM would receive it and look for a translation for 22.214.171.124 to decide which context it belongs to. Unless you want to static NAT all IPs on the Internet, you will have a challenge.
Now if you don't care about Internet access from the management segment, you can set up statics for the management interface on each context. So for example, say management is 126.96.36.199/24, inside of context 1 is 10.10.10.0/24, and inside on context 2 is 10.20.20.0/24. You could just set up:
Thanks Eric for the reply. I am still facing the problem as described below.
I have created two contexts, ContextA and ContextB. Each has VLAN100 for Outside, with IPs 100.100.100.1 and 100.100.100.2 respectively. Now I create an interface named Management with VLAN 200 in ContextA with IP 188.8.131.52 and a static statement as below
where 100.100.100.10 is a server in the Management VLAN.
It works fine, meaning I am able to access its resources from Outside. But as soon as I create the Management interface in ContextB with IP 184.108.40.206, Outside stops communicating with both contexts.
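The classification logic described in the reply above (the destination is looked up against each context's translations on the shared interface), as an added example that is not part of the original thread and not Cisco's code. It is a simplified model: the inside subnets are the ones named in the reply, while the Internet host 198.51.100.7 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample config: mapped addresses each context exposes on the
# shared management interface through static NAT (identity statics for the
# inside networks named in the reply). Simplified model, not Cisco code.
STATICS = {
    "context1": ["10.10.10.0/24"],
    "context2": ["10.20.20.0/24"],
}


def build_table(statics):
    """Flatten {context: [mapped networks]} into (network, context) pairs."""
    table = []
    for context, nets in statics.items():
        for net in nets:
            table.append((ipaddress.ip_network(net), context))
    return table


def find_overlaps(table):
    """Report mapped ranges claimed by two different contexts.

    In this model a destination covered by two contexts cannot be
    attributed to either of them, so overlaps are flagged up front.
    """
    clashes = []
    for i, (net_a, ctx_a) in enumerate(table):
        for net_b, ctx_b in table[i + 1:]:
            if ctx_a != ctx_b and net_a.overlaps(net_b):
                clashes.append((ctx_a, str(net_a), ctx_b, str(net_b)))
    return clashes


def classify(dst, table):
    """Pick the context for a packet arriving on the shared interface.

    Only the destination is consulted. With no matching translation no
    context can be chosen, so None is returned (the packet is dropped).
    """
    addr = ipaddress.ip_address(dst)
    matches = [(net, ctx) for net, ctx in table if addr in net]
    if not matches:
        return None
    # Longest prefix wins when several entries of one context match.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    table = build_table(STATICS)
    for dst in ("10.10.10.5", "10.20.20.9", "198.51.100.7"):
        print(dst, "->", classify(dst, table) or "no translation, dropped")
```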