5510 with CSC module, multiple context confusion??

omair.siddiqui · ‎06-24-2008

one of my client has following requirement for ASA 5510 with CSC.

They want to publish their emails (DMZ) and want to use asa just like standard firewall setup.

On same ASA they want to connect 15 guest user on there n/w with complete different firewall and content filtering policies. My question:

1- If i use security context. Can i still use VPN features and content filtering

2- Can i define complete different zone for these guest users and define different content filtering policies.

If both are possible which one is more appropriate.

dhananjoy chowdhury · ‎06-24-2008

Hi Omair,

VPN is not supported in context mode.

omair.siddiqui · ‎06-25-2008

Hmm but i need IPSEC VPN and probably 4-10 SSL VPN beside IPSEC.

Means i cannot use security context for this problem...

what if define 4 zones inside--outside--DMZ--GUEST and

Assign different firewall and content filtering properties for inside and GUEST zone.

In guest zone i will have different subnet and only guest machines will be connected there..

Kindly reply

omair.siddiqui · ‎06-25-2008

Kindly help to sort it out!!!!

Become critical for me

dhananjoy chowdhury · ‎06-25-2008

Hi Omar,

Yes creating a Guest zone is what people do generally.

Then you have to configure access-lists for the Guest zone IP subnet permitting only the required services like http, mail etc.. Rest all traffic from and to the guest zone should be denied.

I believe this should suffice the requirement of your management.

Also make sure the guest zone is on an isolated vlan on the switch.