ASA 5520 and Virtual Contexts

Hi, I have been lucky enough to get my hands on 3 of these devices to install. Great machines !!!!

I am having a difference of opionion with the collegue who has designed the solution. He has designed it with 3 Virtual Contexts all using shared interfaces. i.e all 3 VC's share the outside and inside interfaces.

He is of the opinion, that he only needs to put ip addresses on the 'admin' context interfaces, and not the other 2 contexts, his reasoning is that when the packets are classified the ASA will direct the traffic to the correct VC.

Now I have been fiddling on these for some time, and I cannot get it to work without ip addresses on the interfaces of each virtual context. My view is that each and every virtual context interface requires it's own ip address. (On a side note, I can get traffic into a VC without a ip address, but just cannot get it to exit)

Can you please confirm for me if each VC interface requires an ip address when the interfaces are shared i.e. VC 1 outside, VC 2 outside, VC 3 etc, I have read alot of literature, and cannot find it specifically stated, hence why there is disagreement.

Thankyou in advance.

Re: ASA 5520 and Virtual Contexts


I don't have the ASA 5520 but rather a PIX515 however the VC scenario should be the same.

Each VC interface will require it's own IP address and associated configuration.

