Re: Cascading (Shared Interface - Trafic)

rodri_bras · ‎01-25-2013

Hi, I like to know with cascading in the ASA about contexts.

I have two contexts, one contextA e one contextB, i'm using a front wit other. ContextA have two interfaces logic, one inside and onde cascading. Context B have two interfaces logic, one inside and one cascading. The cascading interface are facing one another, but only use a physical interface Gi0/1.
The cascading interface is a logical interface that does not pass through the switch only barraento the wing, however need to set a physical interface for the same work. example the physical interface gi0 / 1, and the interface would be cascading gi0/1.100.

My doubt is regarding this cascading interface (shared), my whole scenario using 10G, and I put in cascading 1G, I will have problems?

Michal Garcarz · ‎01-25-2013

Hi Rodri,

Yes - that will work.

If you share the same interface (gig0/1.20) on both contexts just make sure it uses different mac address in each context ("mac-address auto" command) and also it has different IP address configured (unless you want to rely on NAT rules for determining which packet should go to which context).

You also need to make sure that inteface is UP (connected to switch). That switch will see both mac-adresses on that port. Both contexts will reply with correct ARP reply for it's IP.

---

Michal

rodri_bras · ‎01-27-2013

Hello Marchal.

yes, I know how to make it work, however this is not the issue, my issue is whether this shared interface that is a virtual interface within the box, if it uses the bandwith cable, or using the internal bus of the firewall.

because all this on 10g connection and this interface between the contexts in this 1g, this can influence the transmission of packets between contexts?

thanks

Michal Garcarz · ‎01-27-2013

It will use physical interface, you might have a problems - because of bottleneck. I would advise to use 10g interface for that.

---

Michal

rodri_bras · ‎01-28-2013

Hi Michal,

Thanks.