Where is your global (outside) 1, nat (inside) 1 0 0 (global, dynamic, policy, or static).
This is a requirement to route packets. You'll news it on both contexts.
Hope that helps.
Regards,
Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design)
Sent from my iPhone
On Aug 24, 2012, at 5:46 AM, Wael Ahmed <wsadani_at_gmail.com> wrote:
> This My Configuration i allocate the interface to The context
> interface Ethernet0/0
> no shutdown
> !
> interface Ethernet0/1
> no shutdown
> !
> interface Ethernet0/2
> no shutdown
> !
> interface Ethernet0/3
> vlan 4
> !
>
> !
> interface Ethernet0/3
> no shutdown
> !
> interface Management0/0
> shutdown
>
> !
> class default
> limit-resource All 0
> limit-resource ASDM 5
> limit-resource SSH 5
> limit-resource Telnet 5
> !
>
> !
>
> ftp mode passive
> pager lines 24
> no failover
>
> no asdm history enable
> arp timeout 14400
> console timeout 0
>
> admin-context admin
> context admin
> config-url disk0:/admin.cfg
>
> !
>
> context test1
>
> allocate-interface Ethernet0/0
> allocate-interface Ethernet0/1
> config-url disk0:/test1.cfg
>
> context test1
>
> allocate-interface Ethernet0/0
> allocate-interface Ethernet0/2
> config-url disk0:/test2.cfg
>
> mac-address auto
> !
>
> prompt hostname context
> Cryptochecksum:27b0566983846cfcb1f2b0a4559397ad
> : end
>
>
>
>
> test1 context
>
> interface Ethernet0/0
> nameif outside
> security-level 0
> ip address 12.12.5.253 255.255.255.0
> !
> interface Ethernet0/1
> nameif inside
> security-level 100
> ip address 12.12.4.253 255.255.255.0
>
> access-list outside extended permit icmp any any
> access-group outside in interface outside
>
> route outside 0.0.0.0 0.0.0.0 12.12.5.1
>
> tes21 context
>
> interface Ethernet0/0
> nameif outside
> security-level 0
> ip address 12.12.5.254 255.255.255.0
> !
> interface Ethernet0/2
> nameif inside
> security-level 100
> ip address 12.12.6.253 255.255.255.0
>
> access-list outside extended permit icmp any any
> access-group outside in interface outside
>
> route outside 0.0.0.0 0.0.0.0 12.12.5.1
>
> On Fri, Aug 24, 2012 at 1:23 AM, Jay McMickle <jay.mcmickle_at_yahoo.com>wrote:
>
>> Can you paste your config?
>>
>> In the sys context, did you allocate interfaces to the context? I'm
>> assuming yes if you are seeing the interface from the context.
>>
>> Did you trunk and tag the interfaces? Show us the config.
>>
>> Thanks!
>>
>> Regards,
>> Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design)
>> Sent from my iPhone
>>
>> On Aug 23, 2012, at 3:03 AM, Wael Ahmed <wsadani_at_gmail.com> wrote:
>>
>>> Hi
>>> In preparing For CCIE security When i configure The ASA in Multi context
>>> and There shared interface For Ex fast0/0 The traffec Flow not go
>> Through
>>> this interface
>>> when i do packet trace i receive this error
>>> (ifc-classify) Virtual firewall classification failed
>>> Even i typed
>>> Mac-address auto but still The same
>>> The version of The ASA 8.0
>>> Any Advice
>>> Thanks
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Aug 24 2012 - 06:17:34 ART
This archive was generated by hypermail 2.2.0 : Sat Sep 01 2012 - 08:41:18 ART