MAC address auto is the trick on all of those exercises regarding multiple 
contexts and shared interfaces.

Having a unique MAC address for each interface will avoid any classification 
issues on the ASA.

If there is a problem with classification, you can either apply NAT or, if it 
gets to the incorrect interface, use ASR groups.

Mike

On Oct 21, 2012, at 1:10 PM, "Matt Hill" <[email protected]> wrote:

> Hi everyone,
> 
> I am a little bit confused on how to do an outside shared interface
> on an ASA.  This has been asked recently, but I think I am asking
> something slightly different here.
> 
> Say I have (as mentioned) a shared physical outside, and two separate
> physical interfaces for the respective insides.  The outside
> interfaces are in separate vlans, and I have configured a trunk on the
> respective switchport.
> 
> I think that I _probably_ don't need static MACs, as they are in
> different vlans anyway and L2 will sort out over the trunk which vlan,
> and hence context, to send the frames to, however for the purposes of
> this discussion, let's say I want to configure static MAC for my own
> sanity.  I think I need to configure the MAC addresses in the
> interface config on each respective context, as opposed to from the
> system context.  What I have done I have included below.
> 
> This is not a particular lab scenario, just something I am playing
> with right now as I can't authenticate my IPExpert DRM from my hotel
> network for some silly reason.  I am sure the answer is in there
> somewhere *sigh*
> 
> I also expect what I have done should work if both outside interfaces
> were in the same subnet (i.e. not trunked, two access ports same vlan).
> 
> Cheers,
> Matt
> 
> CCIE #22386
> CCSI #31207
> 
> 
> hostname ASA1
> enable password 8Ry2YjIyt7RRXU24 encrypted
> no mac-address auto
> !
> interface Ethernet0/0
> !
> interface Ethernet0/0.30
> vlan 30
> !
> interface Ethernet0/0.40
> vlan 40
> !
> interface Ethernet0/1
> !
> interface Ethernet0/2
> !
> interface Ethernet0/3
> !
> context Con1
>  description Context1
>  allocate-interface Ethernet0/0.30 outside
>  allocate-interface Ethernet0/1 inside
>  config-url disk0:/Con1.cfg
> !
> 
> context Con2
>  description Context2
>  allocate-interface Ethernet0/0.40 outside
>  allocate-interface Ethernet0/2 inside
>  config-url disk0:/Con2.cfg
> !
> Context 1:
> interface outside
> mac-address 0001.0000.1111
> nameif outside
> security-level 0
> ip address 66.66.30.10 255.255.255.0
> !
> interface inside
> nameif inside
> security-level 100
> ip address 66.66.20.10 255.255.255.0
> 
> Context2:
> !
> interface inside
> nameif inside
> security-level 100
> ip address 66.66.50.12 255.255.255.0
> !
> interface outside
> mac-address 2222.0000.2222
> nameif outside
> security-level 0
> ip address 66.66.40.12 255.255.255.0
> 
> 
> show int:
> 
> ASA1/Con1(config)# show int
> Interface outside "outside", is up, line protocol is up
>        MAC address 0001.0000.1111, MTU 1500
>        IP address 66.66.30.10, subnet mask 255.255.255.0
> 
> Interface inside "inside", is up, line protocol is up
>        MAC address 0018.199e.a095, MTU 1500
>        IP address 66.66.20.10, subnet mask 255.255.255.0
> 
> ASA1/Con2(config)# show int
> Interface inside "inside", is up, line protocol is up
>        MAC address 0018.199e.a096, MTU 1500
>        IP address 66.66.50.12, subnet mask 255.255.255.0
> 
> Interface outside "outside", is up, line protocol is up
>        MAC address 2222.0000.2222, MTU 1500
>        IP address 66.66.40.12, subnet mask 255.255.255.0
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
> 
> Are you a CCNP or CCIE and looking for a job? Check out 
> www.PlatinumPlacement.com
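
A simplified model of the classification order this thread turns on (unique interface first, then unique MAC on a shared interface, then NAT), added here as an example and not part of either poster's message. The context names, subinterfaces and static MACs come from the configuration above; the shared-interface layouts, the placeholder MAC, the NAT mapped addresses and all function names are constructed for illustration.

```python
# Simplified model of how an ASA in multiple-context mode picks the context for
# an inbound packet. Added illustration, not vendor code; real behaviour has
# more cases (for example traffic addressed to the ASA itself).

def norm(mac):
    """Normalize Cisco dotted or colon MAC notation for comparison."""
    return mac.replace(".", "").replace(":", "").lower()

def classify(ingress, dst_mac, dst_ip, contexts):
    """Return (context, reason); context is None when nothing matches uniquely."""
    owners = [c for c in contexts if ingress in c["ifaces"]]
    if not owners:
        return None, "interface not allocated to any context"
    if len(owners) == 1:                      # 1) interface belongs to one context
        return owners[0]["name"], "unique interface"
    by_mac = [c for c in owners if norm(c["ifaces"][ingress]) == norm(dst_mac)]
    if len(by_mac) == 1:                      # 2) shared interface, unique MAC
        return by_mac[0]["name"], "unique MAC"
    by_nat = [c for c in owners if dst_ip in c["nat_mapped"]]
    if len(by_nat) == 1:                      # 3) mapped address in NAT config
        return by_nat[0]["name"], "NAT mapped address"
    return None, "no unique match"

def ctx(name, iface, mac, nat_mapped=()):
    """Build one context record: allocated interface, its MAC, NAT mapped IPs."""
    return {"name": name, "ifaces": {iface: mac}, "nat_mapped": set(nat_mapped)}

# Layout from the thread: one VLAN subinterface per context.
TRUNKED = [ctx("Con1", "Ethernet0/0.30", "0001.0000.1111"),
           ctx("Con2", "Ethernet0/0.40", "2222.0000.2222")]
# Constructed: both contexts share Ethernet0/0 in one VLAN, static MACs kept.
SHARED_STATIC = [ctx("Con1", "Ethernet0/0", "0001.0000.1111"),
                 ctx("Con2", "Ethernet0/0", "2222.0000.2222")]
# Constructed: shared interface, identical placeholder MAC in both contexts,
# so only the (constructed) NAT mapped addresses can tell them apart.
SAME_MAC = "0200.0000.0001"
SHARED_NAT = [ctx("Con1", "Ethernet0/0", SAME_MAC, ["66.66.30.100"]),
              ctx("Con2", "Ethernet0/0", SAME_MAC, ["66.66.30.200"])]

if __name__ == "__main__":
    print(classify("Ethernet0/0.30", "ffff.ffff.ffff", "66.66.30.10", TRUNKED))
    print(classify("Ethernet0/0", "2222.0000.2222", "66.66.40.12", SHARED_STATIC))
    print(classify("Ethernet0/0", SAME_MAC, "66.66.30.200", SHARED_NAT))
    print(classify("Ethernet0/0", SAME_MAC, "66.66.30.10", SHARED_NAT))
```

The last call returns no context: with a shared interface, duplicate MACs and no matching NAT entry, the model has nothing left to classify on.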