Solved: Mix of Contexts - Transparent and Routed

GRANT3779 · ‎08-03-2016

Hi All,

I have been reading conflicting information.

The setup I want to have is as follows.

I will have 2 x 5516X (ASA1 and ASA2)

I want to have two contexts on each ASA - CTX1 and CTX2.

CTX1 - Transparent Mode
CTX2 - Routed Mode

ASA1 to be active for CTX1 and standby for CTX2

ASA2 to be active for CTX2 and standby for CTX1

Now from reading multiple documents, can I actually have an ASA with two contexts, with one being routed and the other being transparent before I go any further?

Thanks

Karsten Iwen · ‎08-03-2016

Mixed firewall mode was added in 9.0. So, go further with your deployment.

View solution in original post

Karsten Iwen · ‎08-03-2016

Mixed firewall mode was added in 9.0. So, go further with your deployment.

GRANT3779 · ‎08-03-2016

Thanks Karsten,

I'm reading the 9.0 configuration guide and come across the following

If only one context is associated with the ingress interface, the ASA classifies the packet into that context. In transparent firewall mode, unique interfaces for contexts are required, so this method is used to classify packets at all tim

Does this imply that If use for example interface G1 and G2 in my transparent context, I cannot use these interfaces in my routed context? Or am I misunderstanding what it means by unique interfaces above?

Karsten Iwen · ‎08-03-2016

Yes, you can't have shared interfaces in this case. But the unique interfaces don't have to be physical interfaces, you can use subinterfaces if you need many physical interfaces for other purposes.