Multiple Contexts—Transparent Mode
Figure 6-7 shows an admin ambience additional three assorted contexts for assorted barter in a cellophane mode.
Each chump has its own aegis ambience with its own aegis action (NAT, admission list, changeless routes, and so
on). A cellophane firewall is in a defended bridging approach and connects the central and alfresco interfaces to the
same arrangement (Net A). Anniversary aegis ambience is assigned a administration IP abode of 10.1.x.2 on the same
connected (Net A) IP subnet.
Figure 6-7. Assorted Contexts—Transparent Mode
[View abounding admeasurement image]
Note
Transparent approach does not acquiesce aggregate interfaces.
Note
In assorted approach environments, all contexts can be configured either in baffled or cellophane mode.
Mix-mode ambiance is not supported.
Caution
Dynamic acquisition protocols are not accurate in assorted ambience modes; changeless acquisition can be used. VPN
and Multicast are additionally not supported.
How does the Aegis Apparatus allocate which ambience to accelerate a packet to?
All packets entering the apparatus charge be classified to actuate which ambience to accelerate a packet to. The
classifier uses the afterward action to accredit the packet to a context:
Unique Interface: If alone one ambience is associated with the admission interface, the Aegis Appliance
classifies the packet into that context. Note that back application the cellophane mode, use different interfaces
only because cellophane approach requires different interface allocation for anniversary context. For baffled mode, the
following methods additionally apply.
1.
Unique MAC Address: If assorted contexts are associated with the admission interface, the apparatus classifies
the packet into a ambience by analogous interface MAC addresses. By default, aggregate interfaces in a context
do not accept a different MAC address, and it uses the absence concrete MAC abode in every context. This can
cause ARP issues as an upstream accessory cannot accelerate the packet to the actual ambience due to the
duplicate MAC abode beyond assorted ambience interfaces. The band-aid is to accredit a different MAC address
to the aggregate interface aural anniversary context. This can be done application the mac-address mac_address
[standby mac_address] command beneath the interface agreement mode. Alternatively, you can use the
global command mac-address auto to automatically accomplish MAC addresses to anniversary aggregate context
interface.
2.
Address Translation: If you are not application different MAC addresses as aloof explained, again Aegis Appliance
classifies the packet into a ambience by analogous the destination abode to one of the afterward context
configurations. The classifier relies on the NAT agreement and matches the destination IP abode in
either a changeless command or all-around command and looks at the following:
Global abode in a changeless NAT account area the all-around interface matches the ingress
interface of the packet
a.
b. All-around NAT basin for IP addresses articular by a all-around basin for the admission interface.