ASA Multiple context sharing Outside interface

mahesh18
Level 6

Hi All,

I have a question regarding the ASA when working in multiple context mode.

If the output interface is shared by two contexts and both have different IP addresses.

Is it possible that the outside shared interface can have the same MAC address for both the contexts?

Will the setup work if the outside interface is shared and also configured with the same MAC address?

Second Setup

If the outside interface is shared but has a unique MAC address and a connection is initiated from the internet, will the traffic then reach the inside context of the ASA?

Regards

Mahesh

Accepted Solutions

Jouni Forss
VIP Alumni

Hi Mahesh,

I think by default when you configure the ASA in Multiple Context mode and have a shared interface between 2 Security Contexts then both of the interfaces will use the same MAC address.

In those cases I assume that the ASA uses existing NAT configurations or IP addresses configured on the ASA interfaces to determine which is the correct Security Context to which the traffic needs to be forwarded.

It should work as long as the IP address configured on the interface is different. Naturally, the NAT configurations also play a role, as I said.

With regard to the second setup, I would imagine that this is actually the preferred way: that each context's shared interface has a unique MAC address.

You can check this section of the 8.2 configuration guide

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1146806

- Jouni
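
As an added illustration (not part of the original post and not Cisco code), here is a simplified Python model of how packets arriving on a shared interface get assigned to a context, assuming the classification order documented for ASA multiple context mode: unique interface, then unique MAC address, then destination IP matched against NAT translated addresses. The context names, MAC addresses and IP addresses are constructed sample values, and `classify` is a hypothetical helper.

```python
import copy
import ipaddress

def classify(contexts, ingress_if, dst_mac, dst_ip):
    """Return the context that would receive the packet, or None if unclassified."""
    cands = {n: c for n, c in contexts.items() if ingress_if in c["macs"]}
    if len(cands) == 1:
        # 1. The ingress interface is allocated to a single context.
        return next(iter(cands))
    macs = [c["macs"][ingress_if] for c in cands.values()]
    if len(set(macs)) == len(macs):
        # 2. Every context has its own MAC on the shared interface:
        #    the destination MAC alone selects the context.
        return next((n for n, c in cands.items()
                     if c["macs"][ingress_if] == dst_mac), None)
    # 3. Shared MAC: fall back to the destination IP, matched against the
    #    translated (NAT) addresses each context is known to own.
    dst = ipaddress.ip_address(dst_ip)
    for name, c in cands.items():
        if any(dst in ipaddress.ip_network(net) for net in c["translated"]):
            return name
    return None

# Constructed setup 1: both contexts share "outside" with the same MAC.
# Only ctxA has a NAT translation; ctxB has none configured.
SHARED_MAC = {
    "ctxA": {"macs": {"outside": "00:00:5e:00:53:01", "insideA": "00:00:5e:00:53:0a"},
             "translated": ["203.0.113.10/32"]},
    "ctxB": {"macs": {"outside": "00:00:5e:00:53:01", "insideB": "00:00:5e:00:53:0b"},
             "translated": []},
}

# Constructed setup 2: same contexts, but ctxB gets a unique MAC on "outside".
UNIQUE_MAC = copy.deepcopy(SHARED_MAC)
UNIQUE_MAC["ctxB"]["macs"]["outside"] = "00:00:5e:00:53:02"

if __name__ == "__main__":
    for label, setup, mac in (("shared MAC", SHARED_MAC, "00:00:5e:00:53:01"),
                              ("unique MAC", UNIQUE_MAC, "00:00:5e:00:53:02")):
        for ip in ("203.0.113.10", "203.0.113.20"):
            print(label, mac, ip, "->", classify(setup, "outside", mac, ip))
```

In the shared-MAC setup an inbound packet whose destination matches no context's translated address cannot be classified, which is why unique MAC addresses per context are the more robust choice for internet-initiated connections.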

Hi Jouni,

Many thanks again.

Regards

Mahesh
