Re: [OSL | CCIE_Security] ASA contexts with a shared physical interface.

[Mike Rojas]

Hi, 

Missing existing flow. Yes, if you have NAT the packet is going to be 
classified if there is no Unique mac address. Mostlikely it is needed when 
using shared interfaces. Now very important, if it does not says it explicitly 
on the test, you can enable it. It is always best to read carefully what they 
ask. 

Mike Rojas



Date: Fri, 14 Sep 2012 11:13:33 +0200
From: peter.jorgen...@mil.dk
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] ASA contexts with a shared physical interface.




        Hi



         

        Have a doubt about this.....

        

        I know that the packet classification is done in the following order:

        

        1. Classification based on destination MAC - require unique MAC on each 
shared interface

        2. Classification based on destination IP and NAT

        

        If I have two context with a shared outside interface and Enables NAT 
Control and doesn't
use overlapping subnets - is it correct assumed that I do not need to activate 
the
"mac-address auto" or manual configure unique MAC addresses of the physical
interfaces - because NAT will classify packets?

        

        I know that in real life - best practice is to always enable 
mac-address auto when using
shared interfaces - but what is right in LAB Exam???

        

        

        

        /Peter

         

        

        RELEASABLE TO INTERNET TRANSMISSION

        

        Please note that this message may contain confidential information. If 
you have received this
message by mistake, please inform the sender of the mistake by sending a reply, 
and then
delete the message from your system without making, distributing or retaining 
any copies of
it. Although we believe that the message and any attachments are free from 
viruses and other
errors that might affect the computer or IT system where it is received and 
read, the
recipient opens the message at his or her own risk. We assume no responsibility 
for any loss
or damage arising from the receipt or use of this message. 

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com                                         
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com