Hi all,
I was hoping someone could help me with this problem. I have a pair of ASAs in multiple context mode and in a failover configuration; the contexts share an "internet" interface which they use to go out to the world, and also in the case where one natted server from one context wants to talk to another natted server in another context. This intra-context traffic has always worked.
However, we have recently upgraded from version 8.2.2 to version 8.2.5, and since then communication between the contexts using the shared interface is not working.
This is a sample of the configuration:
CONTEXT-ADMIN
interface GigabitEthernet0/2.1
mac-address 0016.001f.e251 standby 0016.001f.e252
nameif internet
security-level 0
ip address X.Y.Z.2 255.255.255.0 standby X.Y.Z.252
!
CONTEXT-CTX1
interface GigabitEthernet0/2.1
mac-address 0016.001f.e241 standby 0016.001f.e242
nameif internet
security-level 0
ip address X.Y.Z.241 255.255.255.0 standby X.Y.Z.242
!
As you can see, since this is a shared interface we set the mac-address of the interfaces; however, with this version (8.2.5) it seems that one context can't see natted IPs from other contexts. For example, I have natted a server on the CTX1 context with the public IP X.Y.Z.43, but from the ADMIN context I just can't see this IP: if I issue the show arp | i X.Y.Z.43 command, it gives me nothing. I also issued a capture command on the ADMIN context and I didn't see any traffic coming from the IP X.Y.Z.43.
If I remove the mac-address command from both of the contexts, I also get no results: now I can see the natted IPs of the other contexts in the ARP tables, but it seems that the traffic gets stuck somewhere in the middle.
I'm pretty sure this could be because of a bug. I have downgraded one of the firewalls and made it the ACTIVE one, and this solved the problem. BUT I really would like to know if someone has faced this issue and in what version this could be fixed.