Communication Between ASA Multiple Contexts

captain131
Level 4

Is it possible to create the following design:

1) Multiple Contexts: Customer Internal Network; Business Partner A, Business Partner B

2) Customer net can talk to Business Partner A and B (from the inside)

3) Business Partners can't talk to each other.

If this is possible, am I gaining any additional security with using this type of context design vs. putting the business partner connectivity in DMZ interfaces and using ACLs?

5 Replies

Collin Clark
VIP Alumni

Is there a specific reason why you would not have a single context and use a different interface for Internal, BP-A, and BP-B? It's possible to do it with multiple contexts, but I think it would be easier to do it with a single context.

Hope that helps.

No specific reason. My reasoning (which may be convoluted or completely off) was to give each business partner the security of being separated by a virtual firewall from one another. It's not a strict requirement, but more of a design "thought" I had when reviewing the functionality of contexts. It sounds like I'm making it more complicated than it needs to be?

I can understand your thinking, but IMO using a single context can be just as secure. I only use multiple contexts when necessary. Also keep in mind that you cannot use VPN with multiple contexts.

Hi Collin - Thanks for the feedback. I've had similar feedback from other engineers I spoke with offline. I will very likely go back to the single context mode. Would you suggest using DMZs as part of the design?

Absolutely. I would create a new DMZ for each customer. Use 'inside' for your internal network and 'outside' for the public network if you have that connection.
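
The single-context layout discussed in this thread, sketched as an added example that is not from any of the posters: one DMZ interface per business partner, with the two partners isolated from each other and from the inside network. Interface numbers, the names `dmz-bpa`/`dmz-bpb`, ACL names and all addresses are constructed placeholders; it assumes only inside-initiated sessions are needed and leaves NAT out.

```cisco
! Constructed example: interface numbers, names and addresses are placeholders.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz-bpa
 security-level 50
 ip address 192.168.101.1 255.255.255.0
!
interface GigabitEthernet0/3
 nameif dmz-bpb
 security-level 50
 ip address 192.168.102.1 255.255.255.0
!
! Both partner DMZs share security level 50. Keep forwarding between
! equal-level interfaces disabled (the default) so neither partner can
! reach the other through the firewall.
no same-security-traffic permit inter-interface
!
! Explicit inbound ACLs so the isolation does not rest on security levels
! alone and so blocked attempts are logged. Partner-to-partner traffic is
! denied first for a distinct log entry; everything else a partner
! initiates (including toward inside) is then denied as well.
access-list BPA_IN extended deny ip any 192.168.102.0 255.255.255.0 log
access-list BPA_IN extended deny ip any any log
access-list BPB_IN extended deny ip any 192.168.101.0 255.255.255.0 log
access-list BPB_IN extended deny ip any any log
!
access-group BPA_IN in interface dmz-bpa
access-group BPB_IN in interface dmz-bpb
!
! Sessions opened from inside (level 100) toward either DMZ (level 50) are
! permitted by the security-level rule, and their return traffic is allowed
! statefully, so the partner-side ACLs above do not block replies.
!
! Check the isolation from the CLI with a simulated flow, for example:
!   packet-tracer input dmz-bpa tcp 192.168.101.10 1025 192.168.102.10 443
! The result should show the flow dropped.
```

If a partner must open connections toward specific inside hosts, add narrow `permit` entries above the final `deny ip any any` in that partner's ACL rather than raising the DMZ security level.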