Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
584
Views
0
Helpful
2
Replies

ASA active active design

teymur azimov
Level 1
Level 1

‎11-06-2013 03:27 AM - edited ‎03-11-2019 08:01 PM

Hi

I configurate ASA's in active active mode. I create 10 context's in Primary ASA. 5 context are in group1 in ASA1 and 5 conetexts are in group2 in ASA2.

The problem assign ip address to outside interface of context's.

I use int gi0/0 and gi0/1 for outside interfaces. 5 contexts are in gi0/0 and 5 contexts are in gi0/1 interface.

gi0/2-gi0/6 for inside interface.

I create subinterface in inside interfaces and assign different vlan. In different conetext give different subnet. That is ok.

The issue is:

i want to use the same subnet but differen ip for outside interface of context's. is it possible?  I configurate eigrp protocol in Context's.

Thanks.

Labels:
0 Helpful
2 Replies 2

teymur azimov
Level 1
Level 1

‎11-06-2013 04:28 AM

Dears

i find the documentation

http://www9.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808d2b63.shtml#mul

But this is version 7.x

Assign the Same IP Address to the Shared Interfaces in the Multiple Context Mode

Assigning the same IP address to the shared interface is not possible. A shared interface over multiple contexts allows us to simulate virtual firewalls over the same LAN segment. When the same IP address is assigned to the shared interface, for example shared over multiple contexts, it gives an IP address conflict error. The ASA will not allow this configuration because of the ARP issue between the contexts for the same IP address.

The error is shown here for your reference: ERROR: This address conflicts with another address on net.

Here is wroten that same ip address but i want to configurate same subnet but different ip address. is it possible?

i use 9.1 version in ASA's

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to teymur azimov

‎11-06-2013 05:31 AM

Hi,

There should be no problem using different IP addresses from the same subnet in different Security Contexts.

The networks which you can use in a specific Security Context depends on which physical interface they are using as their external WAN Interface. It also naturally depends how you have connected those interfaces to the L3 device / Router in front of the pair of ASAs

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card