Solved: ASA Three Security Context to ISE Appliance for TACACS+

jthomp7626 · ‎07-09-2019

We have ASAs with three security contexts. We have one ISE appliance for TACACS+. Our MGMT context and ISE are routed on MGMT network. Our other two contexts are on different networks. How do we point our other two contexts to our ISE appliance via our MGMT network for AAA?

Mike.Cifelli · ‎07-09-2019

This may depend on how you have your ASA/Contexts setup. However, you should be able to leak (route) between the contexts on your ASA. In order to do so you would need to create another subinterface and allocate the interface between the contexts you want to leak to. Then you will need to change the interface mac address. Then within your other two contexts you would point a route to your management network(context) using the shared internal vlan that would allow you to leak.

View solution in original post

Mike.Cifelli · ‎07-09-2019

This may depend on how you have your ASA/Contexts setup. However, you should be able to leak (route) between the contexts on your ASA. In order to do so you would need to create another subinterface and allocate the interface between the contexts you want to leak to. Then you will need to change the interface mac address. Then within your other two contexts you would point a route to your management network(context) using the shared internal vlan that would allow you to leak.

jthomp7626 · ‎07-09-2019

Thank you Mike. Will try and get back to you.