Classification examples – Cisco ASA 5505 User Manual

Page 204

5-4

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 5 Configuring Multiple Context Mode

Information About Security Contexts

NAT Configuration

If you do not use unique MAC addresses, then the mapped addresses in your NAT configuration are used
to classify packets. We recommend using MAC addresses instead of NAT, so that traffic classification
can occur regardless of the completeness of the NAT configuration.

Classification Examples

Figure 5-1

shows multiple contexts sharing an outside interface. The classifier assigns the packet to

Context B because Context B includes the MAC address to which the router sends the packet.

Figure 5-1

Packet Classification with a Shared Interface using MAC Addresses

Classifier

Context A

Context B

MAC 000C.F142.4CDC

MAC 000C.F142.4CDB

MAC 000C.F142.4CDA

GE 0/1.3

GE 0/1.2

GE 0/0.1 (Shared Interface)

Admin

Context

GE 0/1.1

Host

209.165.201.1

Host

209.165.200.225

Host

209.165.202.129

Packet Destination:

209.165.201.1 via MAC 000C.F142.4CDC

Internet

Inside

Customer A

Inside

Customer B

Admin

Network

153367

This manual is related to the following products:

ASA 5585-X ASA 5555-X ASA 5545-X ASA 5525-X ASA 5515-X ASA 5512-X ASA 5580 ASA 5550 ASA 5540 ASA 5520 ASA 5510 ASA 5500 Series