Connection failure in ASA 5520 security contexts

gerald
Level 1

Hi team,

I've got a virtualised firewall running 3 security contexts in routed mode. What I am experiencing is that I cannot connect to an OUTSIDE host through the security contexts. From the firewall itself I cannot ping the directly attached host on the OUTSIDE interface, but I can ping the directly attached host on the INSIDE interface. When I reload the firewall box, the first ping to the OUTSIDE host would be successful but subsequent pings fail, and thus total connectivity is lost.

Please advise why this firewall is behaving this way.

I even tried upgrading to ASA version 8.4(1) but still the same.

Regards,

Jerry.

5 Replies

Are you sharing the outside interface on the three contexts?

Yes, I am sharing the outside interface across the 3 contexts using VLANs and subinterfaces. But all VLANs on that particular physical interface are OUTSIDE interfaces for the respective contexts.

Regards,

Each outside interface of each context is a subinterface? That is what you mean?

If you were using the same physical interface and sharing the IP, that could cause some kind of issue since the MAC is used for the 3 outside interfaces. In these cases it is a good idea to use MAC address auto on the system context, but it seems that this is not the case.

Yes, each OUTSIDE interface for each context is a subinterface. Strangely enough, one context is working perfectly fine and it's sharing the same physical interface, but of course on a different subinterface and IP subnet. Do you reckon it's the MAC address thing, and how can I go about it?

If you have subinterfaces and different IPs you shouldn't have MAC address issues.
