
Security context admin via shared interface

pascalfr0
Level 1

Hi,

We just set up a couple of ASA 5520s in security context mode, with:

- system context,

- admin context,

- 2 production contexts.

So far so good.

However, we can't poll via snmp thru the admin context the interfaces that have been configured into the production contexts. Another annoying side effect is the fact that the admin context cannot send syslog messages for events happening in the production contexts.

So every context needs to be polled separately, and every context sends its own syslog messages.

-> Is it correct or is there a way to manage all contexts (snmp; syslog...) through the admin context?

At last, we would like to send all management traffic through the same interface.

For now, eth0/1 is allocated exclusively to admin context.

-> Could we share this interface between contexts, just the way described in the figure below, so that at last all admin traffic from all contexts would be sent to that interface, dedicated to management traffic? (seems ok but I was wondering about restrictions for interfaces allocated to admin context). What I want to do is share the interface 0/1 between contexts in the same way eth0/0 is shared in the figure below:

regards,

Pascal

2 Replies

Vibhor Amrodia
Cisco Employee

Hi,

Yes, you have to configure logging on every context separately to send the syslogs.

For the 2nd issue, you can share that interface in multiple contexts and send the traffic through.

Refer to:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/monitor_syslog.html#pgfId-1082019

Thanks and Regards,

Vibhor Amrodia
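
The per-context logging and shared-interface setup described in the reply above, written as ASA CLI configuration. This is an added example, not part of the original thread or of Cisco's documentation; the context names `ctxA`/`ctxB`, the interface name `mgmt`, the use of `GigabitEthernet0/1` for the poster's eth0/1, the addresses, the collector `10.1.1.50` and the community placeholder are all assumptions.

```cisco
! Constructed example: names and addresses are assumptions, not from the thread's devices.
! Production data interfaces are omitted; only the shared management path is shown.
!
! --- System execution space ---
! Give each context its own MAC address on a shared interface so that
! inbound packets can be classified to the right context.
mac-address auto
!
interface GigabitEthernet0/1
 no shutdown
!
admin-context admin
context admin
 allocate-interface GigabitEthernet0/1
 config-url disk0:/admin.cfg
!
context ctxA
 allocate-interface GigabitEthernet0/1
 config-url disk0:/ctxA.cfg
!
context ctxB
 allocate-interface GigabitEthernet0/1
 config-url disk0:/ctxB.cfg
!
! --- Inside context ctxA (repeat in ctxB and admin, each with its own address) ---
interface GigabitEthernet0/1
 nameif mgmt
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
! Syslog is configured per context; tag every message with the context
! name so the collector can tell the sources apart.
logging enable
logging device-id context-name
logging trap informational
logging host mgmt 10.1.1.50
!
! SNMP is likewise polled per context, at that context's own address.
snmp-server host mgmt 10.1.1.50 community <COMMUNITY-PLACEHOLDER> version 2c
```

With `logging device-id context-name`, a single collector on the shared segment still receives one stream per context, but each message identifies the context that generated it.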

OK, so there would be no problem sharing a standard interface between security contexts and admin contexts.

One step further, would it be possible to share the management interface this way ?

I mean, would it be possible to allocate management interface

- in security context A, IP address 10.1.1.1, mac1 (mac is generated by ios for shared interfaces)

- in security context B, IP address 10.1.1.2, mac2 (...),

- in admin context, IP address 10.1.1.3, mac3 (...)

?

Or is the management interface allocated to admin context only?

Thanks for your input,

Pascal
