https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383627#M731186 <HTML><HEAD></HEAD><BODY><P>Thanks for the great link. Another query though, since the firewall is in an HA mode, how do we allocate public ip address on its internet facing interface.</P><P>viz, would the admin context also need to be put in with ip address or is it only for the other 3 contexts interface. If so, would each context on active firewall have different public ip address and would same apply to standby firewall.</P><P></P><P>Appreciate any assistance!</P></BODY></HTML> Mon, 01 Feb 2010 15:51:41 GMT suthomas1 2010-02-01T15:51:41Z https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383624#M731153 <P>Gurus,</P><P></P><P>We have a requirement to create 2 contexts &amp; 1 admin context on a HA based ASA. The local ip range i have is 192.168.100.0 /24.</P><P>Internet traffic will be coming on to this context, although there will be only one single internet line and not two different ones for each context.</P><P></P><P>Please help me as to how the ip assignments on these contexts must be made wrt to HA pair.A brief overall config including ip address would be very much appreciated.</P><P></P><P></P><P>Thank You.</P> Mon, 11 Mar 2019 17:03:38 GMT https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383624#M731153 suthomas1 2019-03-11T17:03:38Z https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383625#M731162 <HTML><HEAD></HEAD><BODY><P>(EDIT): these also need to have a DMZ interface on each of them. How is that also be incorporated in this.</P><P></P><P>Thanks.</P></BODY></HTML> Sun, 31 Jan 2010 07:25:24 GMT https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383625#M731162 suthomas1 2010-01-31T07:25:24Z https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383626#M731170 <HTML><HEAD></HEAD><BODY><P>Pls. see an example here:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/examples.html#wp1009684">http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/examples.html#wp1009684</A></P><P></P><P></P><P>-KS</P></BODY></HTML> Sun, 31 Jan 2010 17:50:41 GMT https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383626#M731170 Kureli Sankar 2010-01-31T17:50:41Z https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383627#M731186 <HTML><HEAD></HEAD><BODY><P>Thanks for the great link. Another query though, since the firewall is in an HA mode, how do we allocate public ip address on its internet facing interface.</P><P>viz, would the admin context also need to be put in with ip address or is it only for the other 3 contexts interface. If so, would each context on active firewall have different public ip address and would same apply to standby firewall.</P><P></P><P>Appreciate any assistance!</P></BODY></HTML> Mon, 01 Feb 2010 15:51:41 GMT https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383627#M731186 suthomas1 2010-02-01T15:51:41Z https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383628#M731193 <HTML><HEAD></HEAD><BODY><P>Good question. We do recommend to add a standby IP for all interfaces. If you have available addresses I would add a standby IP address for the outside interface for all the contexts. Otherwise you can leave it just with the active IP. Failover will still work. Just monitoring interface will not work.</P><P></P><P>When you issue sh fail, active unit will show up with an IP address but the standby unit will show up as 0.0.0.0. That is all.</P><P></P><P>-KS</P></BODY></HTML> Mon, 01 Feb 2010 16:31:41 GMT https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383628#M731193 Kureli Sankar 2010-02-01T16:31:41Z https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383629#M731201 <HTML><HEAD></HEAD><BODY><P>thanks for the prompt help. to make it more easily digestible to me, below is the <BR />sample config i have done to enact this scenario:</P><P>each context will have a different organisation on it.</P><P></P><P>FWA(Active) - Context 1 &amp; Context 2<BR />FWB(Standby) - Context 1 &amp; Context 2</P><P></P><P>Assuming public ip's to be 192.168.100.4 /29</P><P>Gw: 192.168.100.5</P><P></P><P>On FWA- context1: i assign IP 192.168.100.6 /29 on public interface<BR />On FWA- context2: i assign IP 192.168.100.7 /29 on public interface</P><P></P><P>(Or does it mean that Context2 doesnt have to be assigned any ip or the same as Context1) ?</P><P></P><P>On FWB- context1: Unassigned<BR />On FWB- context2: Unassigned</P><P></P><P>Is this correct as per my understanding of your post.</P><P></P><P>Tons of thanks to you!</P></BODY></HTML> Mon, 01 Feb 2010 17:17:58 GMT https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383629#M731201 suthomas1 2010-02-01T17:17:58Z https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383630#M731206 <HTML><HEAD></HEAD><BODY><P>That is correct. You did understand it correct.</P><P></P><P>-KS</P></BODY></HTML> Mon, 01 Feb 2010 17:22:19 GMT https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383630#M731206 Kureli Sankar 2010-02-01T17:22:19Z https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383631#M731210 <HTML><HEAD></HEAD><BODY><P>Ok. that means Context1 &amp; Context2 will have seperate translation tables ?</P><P></P><P><BR />Thanks.</P></BODY></HTML> Mon, 01 Feb 2010 17:32:22 GMT https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383631#M731210 suthomas1 2010-02-01T17:32:22Z https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383632#M731217 <HTML><HEAD></HEAD><BODY><P>Yes that is correct. Context 1 and context 2 are two different firewalls.</P><P></P><P>-KS</P></BODY></HTML> Mon, 01 Feb 2010 17:39:21 GMT https://community.cisco.com/t5/network-security/firewall-contexts/m-p/1383632#M731217 Kureli Sankar 2010-02-01T17:39:21Z