https://community.cisco.com/t5/network-security/adding-acl-in-multicontext-firewall/m-p/2281727#M344829 <HTML><HEAD></HEAD><BODY><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Hi Jouni,</P><P></P><P>Thanks for prompt reply.</P><P></P><P>Best Regards</P><P>Mahesh</P></BODY></HTML> Tue, 13 Aug 2013 01:42:16 GMT mahesh18 2013-08-13T01:42:16Z https://community.cisco.com/t5/network-security/adding-acl-in-multicontext-firewall/m-p/2281725#M344827 <P>Hi Everyone,</P><P></P><P>Need to confirm below is the right way to make changes in firewall when they are in multi context mode--Active ,Active </P><P>Need to add ACL in 2 firewalls.</P><P></P><P>Say ASA1 has two contexts admin and a</P><P></P><P>When i logon to say IP 192.168.1.1&nbsp; i go to ASA1/admin&nbsp; which is primary ASA&nbsp; and active for context admin.</P><P>Context a is standby here.</P><P></P><P>Here i added the ACL&nbsp; rule under the admin context&nbsp; of ASA1.</P><P></P><P>Now i log onto second say hostname ASA1</P><P>Here say i log onto IP 192..168.1.2 go to ASA/admin which is seconday ASA&nbsp; and admin context is standby here</P><P></P><P>Context&nbsp; a is active here.</P><P></P><P>From admin context i will go to context a and get hostname ASA1/aand will add the ACL rule here.</P><P></P><P>after the above change is done new rule should show up in both the contexts of&nbsp; primary and secondary fws and right?</P><P></P><P>Best regards</P><P>Mahesh</P><P></P><P>Message was edited by: mahesh parmar</P> Tue, 12 Mar 2019 02:24:49 GMT https://community.cisco.com/t5/network-security/adding-acl-in-multicontext-firewall/m-p/2281725#M344827 mahesh18 2019-03-12T02:24:49Z https://community.cisco.com/t5/network-security/adding-acl-in-multicontext-firewall/m-p/2281726#M344828 <HTML><HEAD></HEAD><BODY><P>Hi Mahesh,</P><P></P><P>So if you have Active/Active ASA pair and several Security Contexts in them then there is really nothing that different from configuring those Security Context compared to configuring an Active/Standby pair.</P><P></P><P>You basically find/determine the device that is Active for the Security Context you want to configure, log into that device and go into the Security Context and make the required configurations and they will be automatically replicated to the other physical units Standby Security Context.</P><P></P><P>You should get a warning before configuring anything if you happen to be logged on a unit that is in Standby State</P><P></P><P>To my understanding as soon as you enter</P><P></P><P><STRONG>configure terminal (or conf t)</STRONG></P><P></P><P>The ASA will notify you that you are configuring the Standby unit and the commands you will enter wont be replicated to the other unit that is Active for this Context at the moment.</P><P></P><P>Basically the easiest command to determine the roles of each ASA device for specific Security Context is to use the following command</P><P></P><P><STRONG>show failover</STRONG></P><P></P><P>When you use it in the System Context space/mode I think you should get listing of that devices State for ALL of the Security Contexts configured on that device.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 12 Aug 2013 23:41:35 GMT https://community.cisco.com/t5/network-security/adding-acl-in-multicontext-firewall/m-p/2281726#M344828 Jouni Forss 2013-08-12T23:41:35Z https://community.cisco.com/t5/network-security/adding-acl-in-multicontext-firewall/m-p/2281727#M344829 <HTML><HEAD></HEAD><BODY><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Hi Jouni,</P><P></P><P>Thanks for prompt reply.</P><P></P><P>Best Regards</P><P>Mahesh</P></BODY></HTML> Tue, 13 Aug 2013 01:42:16 GMT https://community.cisco.com/t5/network-security/adding-acl-in-multicontext-firewall/m-p/2281727#M344829 mahesh18 2013-08-13T01:42:16Z