11-09-2017 01:41 AM - edited 02-21-2020 06:41 AM
Hi,
I had issues configuring traffic redirection on ASAs configured with multiple contexts.
I can create a new class-map within each context and enable monitor mode. However, when I want to disable monitor mode and configure inline via ASDM, I receive an error:
[Error] sfr fail-open command failed.
I am able to configure without errors via the admin context.
ASA Ver 9.6.3(1)
ASDM Ver 7.7.1(151)
Documentation suggests that the redirection should be configured within each context.
Any suggestions or clarification would be appreciated.
Ian
11-09-2017 12:04 PM
11-14-2017 06:24 AM
11-14-2017 11:27 AM
This has been working for me:
admin context:
Nothing
contextA:
access-list contextA-inside_mpc extended permit ip any any
!
class-map contextA-inside-class-sfr
 match access-list contextA-inside_mpc
!
policy-map contextA-inside-policy
 class contextA-inside-class-sfr
  sfr fail-open
!
contextB:
access-list contextB-inside_mpc extended permit ip any any
!
class-map contextB-inside-class-sfr
 match access-list contextB-inside_mpc
!
policy-map contextB-inside-policy
 class contextB-inside-class-sfr
  sfr fail-open
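An added example, not part of the thread or Cisco's tooling: a small check that can be run over each context's saved running-config to confirm every `sfr` redirect is inline (not `monitor-only`) and that its policy-map is applied by a `service-policy` line. It goes slightly beyond the snippets posted above, which show no `service-policy` line; the sample configs, the interface name `inside` and the function names are assumptions made for illustration.

```python
# Constructed sample configs (not from the thread): contextA is inline and bound
# to an interface; contextB is still monitor-only and has no service-policy.
SAMPLE = {
    "contextA": """\
class-map contextA-inside-class-sfr
 match access-list contextA-inside_mpc
policy-map contextA-inside-policy
 class contextA-inside-class-sfr
  sfr fail-open
service-policy contextA-inside-policy interface inside
""",
    "contextB": """\
class-map contextB-inside-class-sfr
 match access-list contextB-inside_mpc
policy-map contextB-inside-policy
 class contextB-inside-class-sfr
  sfr fail-open monitor-only
""",
}

def audit_sfr(config):
    """Return a sorted list of findings for one context's configuration text."""
    findings, policy = set(), None
    sfr_policies, attached = set(), set()
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():  # a top-level command ends any policy-map block
            policy = words[1] if words[0] == "policy-map" and len(words) == 2 else None
            if words[0] == "service-policy" and len(words) >= 3:
                attached.add(words[1])
        elif policy and words[0] == "sfr":
            sfr_policies.add(policy)
            if "monitor-only" in words:
                findings.add(f"{policy}: sfr is monitor-only, not inline")
            if not {"fail-open", "fail-close"} & set(words):
                findings.add(f"{policy}: sfr has no fail-open/fail-close action")
    for name in sfr_policies - attached:
        findings.add(f"{name}: no service-policy applies this policy-map")
    return sorted(findings)

def audit_all(configs):
    """Map each context name to its list of findings (empty list means clean)."""
    return {ctx: audit_sfr(text) for ctx, text in configs.items()}

if __name__ == "__main__":
    for ctx, issues in audit_all(SAMPLE).items():
        print(ctx, issues or "ok")
```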