Hi everyone,

I am a little bit confused on how to do an outside shared interface
on an ASA. This has been asked recently, but I think I am asking
something slightly different here.

Say I have (as mentioned) a shared physical outside, and two separate
physical interfaces for the respective insides. The outside
interfaces are in separate vlans, and I have configured a trunk on the
respective switchport.

I think that I _probably_ don't need static MACs, as they are in
different vlans anyway and L2 will sort out over the trunk which vlan,
and hence context, to send the frames to; however, for the purposes of
this discussion, let's say I want to configure static MACs for my own
sanity. I think I need to configure the MAC addresses in the
interface config on each respective context, as opposed to from the
system context. What I have done I have included below.

This is not a particular lab scenario, just something I am playing
with right now as I can't authenticate my IPExpert DRM from my hotel
network for some silly reason. I am sure the answer is in there
somewhere *sigh*

I also expect what I have done should work if both outside interfaces
were in the same subnet (i.e. not trunked, two access ports same vlan).

Cheers,
Matt
CCIE #22386
CCSI #31207

hostname ASA1
enable password 8Ry2YjIyt7RRXU24 encrypted
no mac-address auto
!
interface Ethernet0/0
!
interface Ethernet0/0.30
 vlan 30
!
interface Ethernet0/0.40
 vlan 40
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
context Con1
 description Context1
 allocate-interface Ethernet0/0.30 outside
 allocate-interface Ethernet0/1 inside
 config-url disk0:/Con1.cfg
!
context Con2
 description Context2
 allocate-interface Ethernet0/0.40 outside
 allocate-interface Ethernet0/2 inside
 config-url disk0:/Con2.cfg
!

Context 1:

interface outside
 mac-address 0001.0000.1111
 nameif outside
 security-level 0
 ip address 66.66.30.10 255.255.255.0
!
interface inside
 nameif inside
 security-level 100
 ip address 66.66.20.10 255.255.255.0

Context2:

!
interface inside
 nameif inside
 security-level 100
 ip address 66.66.50.12 255.255.255.0
!
interface outside
 mac-address 2222.0000.2222
 nameif outside
 security-level 0
 ip address 66.66.40.12 255.255.255.0

show int:

ASA1/Con1(config)# show int
Interface outside "outside", is up, line protocol is up
  MAC address 0001.0000.1111, MTU 1500
  IP address 66.66.30.10, subnet mask 255.255.255.0
Interface inside "inside", is up, line protocol is up
  MAC address 0018.199e.a095, MTU 1500
  IP address 66.66.20.10, subnet mask 255.255.255.0

ASA1/Con2(config)# show int
Interface inside "inside", is up, line protocol is up
  MAC address 0018.199e.a096, MTU 1500
  IP address 66.66.50.12, subnet mask 255.255.255.0
Interface outside "outside", is up, line protocol is up
  MAC address 2222.0000.2222, MTU 1500
  IP address 66.66.40.12, subnet mask 255.255.255.0
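
Added example (not part of the original post): a small Python audit of the allocate-interface lines above, assuming the documented ASA classifier order of unique ingress interface, then unique MAC address, then NAT mapped addresses. The function names, the report labels and the SHARED variant are constructed for illustration.

```python
from collections import defaultdict

# allocate-interface lines copied from the system config in the post.
POSTED = """context Con1
allocate-interface Ethernet0/0.30 outside
allocate-interface Ethernet0/1 inside
context Con2
allocate-interface Ethernet0/0.40 outside
allocate-interface Ethernet0/2 inside
"""
# Constructed variant (not from the post): both contexts share Ethernet0/0 itself.
SHARED = POSTED.replace("Ethernet0/0.30", "Ethernet0/0").replace("Ethernet0/0.40", "Ethernet0/0")
# Manual MACs from the two context configs, keyed by (context, mapped name).
MACS = {("Con1", "outside"): "0001.0000.1111", ("Con2", "outside"): "2222.0000.2222"}

def parse_allocations(cfg):
    """Map each allocated interface to the (context, mapped name) pairs using it."""
    alloc, ctx = defaultdict(list), None
    for line in cfg.splitlines():
        tok = line.split()
        if len(tok) == 2 and tok[0] == "context":
            ctx = tok[1]
        elif len(tok) >= 2 and tok[0] == "allocate-interface" and ctx:
            # Optional third token is the mapped name unless it is visible/invisible.
            named = len(tok) > 2 and tok[2] not in ("visible", "invisible")
            alloc[tok[1]].append((ctx, tok[2] if named else tok[1]))
    return alloc

def audit(cfg, macs):
    """Label each interface by what the classifier can use to pick a context."""
    report = {}
    for ifc, users in parse_allocations(cfg).items():
        assigned = [macs.get(u) for u in users]
        if len(users) == 1:
            report[ifc] = "unique-interface"       # ingress interface alone decides
        elif None not in assigned and len(set(assigned)) == len(assigned):
            report[ifc] = "shared-unique-mac"      # destination MAC decides
        else:
            report[ifc] = "shared-mac-not-unique"  # falls back to NAT mapped addresses
    return report

if __name__ == "__main__":
    for name, cfg, macs in (("posted", POSTED, MACS), ("shared", SHARED, MACS),
                            ("shared, no MACs", SHARED, {})):
        print(name, audit(cfg, macs))
```
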