For routed mode, the
following methods also apply.
1.
Unique MAC Address: If multiple contexts are associated with the ingress interface, the appliance classifies
the packet into a context by matching interface MAC addresses. By default, shared interfaces in a context
do not have a unique MAC address, and it uses the default physical MAC address in every context. This can
cause ARP issues as an upstream device cannot send the packet to the correct context due to the
duplicate MAC address across multiple context interfaces. The solution is to assign a unique MAC address
to the shared interface within each context. This can be done using the mac-address mac_address
[standby mac_address] command under the interface configuration mode. Alternatively, you can use the
global command mac-address auto to automatically generate MAC addresses to each shared context
interface.
2.
Address Translation: If you are not using unique MAC addresses as just explained, then Security Appliance
classifies the packet into a context by matching the destination address to one of the following context
configurations. The classifier relies on the NAT configuration and matches the destination IP address in
either a static command or global command and looks at the following:
Global address in a static NAT statement where the global interface matches the ingress
interface of the packet
a.
Pages:
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269