Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
0
Helpful
1
Replies

Multiple context mode and sharing outside interface for internet FW

DannyHuston
Level 1
Level 1

‎02-25-2013 08:10 AM - edited ‎03-11-2019 06:05 PM

Any advantages for sharing an outside interface versus making separate sub-interfaces for each context?  Other than conserving public IPs if you were to assign them on the outside interface?

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎02-25-2013 08:32 AM

Hi,

In the old FWSM enviroment I think we ran into some problems when there needed to be traffic between the Contexts through the "outside" interface. Dont exactly remember what the situation was since it was such a long time ago.

On the ASA side we use separate subinterface for each context but on the core side they are still part of the same subnet. (with the actual IP addresses under a loopback interface and subinterfaces using "ip unnumbered loopbackx" configuration.)

Our decision to use separate subinterfaces for each context on the core side is to be able to create different policys for each "outside" interface. (Not on the ASA but on the core device where the ASA is connected to)

I guess in our amount of Contexts it also beneficial to have separate subinterfaces to easily pinpoint the Context which owns a particular IP address as we can determine it by the subinterfaces easily while on the FWSM side it was a bit of a pain with a shared "outside" Vlan interface.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card