VPN on ASA 5510 Using Security Context scenario

Oct 28th, 2009

Is this possible after enabling Security Context on ASA 5510?

Will I be able to allow VLAN 5 traffic (in red line) to use ISP-2 exclusively to communicate with the outside world, and vice versa, if I enable Security Context on the ASA 5510?

Will I be able to allow VLAN 3 traffic (in blue line) to use ISP-1 exclusively to communicate with the outside world, and vice versa?

Will I be able to configure VPN when we enable Security Context on the ASA 5510?

Herbert Baerten Thu, 10/29/2009 - 00:18

To the first question(s): Yes, this separation of traffic is precisely what security contexts are meant for, i.e. you will have 2 "virtual firewalls" each with their own (sub)interfaces and their own routing table.

To the second question: unfortunately no, you cannot configure VPN in multi-context mode (yet - this may be supported at some point in the future).
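To make the "two virtual firewalls" picture concrete, here is a sketch of what the split looks like in ASA configuration. This is an added illustration, not configuration from the thread or from Cisco documentation: interface numbers, VLAN tags, context names and the 192.0.2.x / 198.51.100.x / 10.x addresses are all assumed. It covers only the traffic separation the answer describes; as the answer says, no VPN configuration is available inside the contexts.

```cisco
! ===== System execution space (assumed layout) =====
mode multiple
!
! Physical uplink toward the two ISP routers, one sub-interface per router
interface Ethernet0/0
 no shutdown
interface Ethernet0/0.11
 vlan 11
interface Ethernet0/0.12
 vlan 12
!
! Physical downlink toward the core switch, one sub-interface per user VLAN
interface Ethernet0/1
 no shutdown
interface Ethernet0/1.3
 vlan 3
interface Ethernet0/1.5
 vlan 5
!
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
!
! Context 1: VLAN 3 only ever sees Router-A / ISP-1
context ctx-isp1
 description VLAN 3 to ISP-1 via Router-A
 allocate-interface Ethernet0/0.11 outside
 allocate-interface Ethernet0/1.3 inside
 config-url disk0:/ctx-isp1.cfg
!
! Context 2: VLAN 5 only ever sees Router-B / ISP-2
context ctx-isp2
 description VLAN 5 to ISP-2 via Router-B
 allocate-interface Ethernet0/0.12 outside
 allocate-interface Ethernet0/1.5 inside
 config-url disk0:/ctx-isp2.cfg
!
! ===== Inside context ctx-isp1 (changeto context ctx-isp1) =====
! Each context has its own interfaces, addresses and default route,
! so VLAN 3 traffic cannot leak toward ISP-2 by routing.
interface outside
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.252
interface inside
 nameif inside
 security-level 100
 ip address 10.3.0.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1
!
! ===== Inside context ctx-isp2 (changeto context ctx-isp2) =====
interface outside
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.252
interface inside
 nameif inside
 security-level 100
 ip address 10.5.0.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 198.51.100.1
```

Because each context gets dedicated (sub)interfaces rather than a shared outside interface, the ASA never has to classify inbound packets between contexts, which is the simplest way to keep the two ISP paths isolated from each other.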

shridhar76 Thu, 10/29/2009 - 00:53

If I am keeping a router above my ASA, then can I do this or not? Because some guys are telling me that we can do it.


Herbert Baerten Thu, 10/29/2009 - 01:23

You mean have a single router on the outside of the ASA?

Should be no problem, it just gets a bit more complex, i.e. you can either:

- configure a shared outside interface on the ASA, and PBR (Policy Based Routing) on the router (since you cannot route based on destination, you will need to route based on source address)

- keep the traffic totally separated by configuring VRF-lite on the router, so you get 2 virtual routers, each with its own (sub)interfaces and routing table (very similar to contexts on the ASA).
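Both options above, written out as IOS configuration for the single router on the outside of the ASA. This is an added example, not configuration posted in the thread or from Cisco documentation; interface names, VLAN tags, the 10.x inside prefixes and the 192.0.2.x / 198.51.100.x / 172.16.x addresses are assumed.

```cisco
! ===== Option 1: shared ASA outside interface + PBR by source address =====
! The router cannot choose the ISP by destination (both ISPs reach the
! whole Internet), so the route-map keys on the source prefix instead.
! If the ASA translates addresses, these must be the post-NAT source ranges,
! so give each VLAN/context its own NAT pool to keep them distinguishable.
ip access-list extended VLAN3-SRC
 permit ip 10.3.0.0 0.0.0.255 any
ip access-list extended VLAN5-SRC
 permit ip 10.5.0.0 0.0.0.255 any
!
route-map SPLIT-ISP permit 10
 match ip address VLAN3-SRC
 set ip next-hop 192.0.2.1
route-map SPLIT-ISP permit 20
 match ip address VLAN5-SRC
 set ip next-hop 198.51.100.1
! Anything not matched above falls through to the normal routing table.
!
interface GigabitEthernet0/2
 description Toward ASA shared outside interface
 ip address 172.16.0.1 255.255.255.0
 ip policy route-map SPLIT-ISP
!
! ===== Option 2: VRF-lite, two virtual routers on one box =====
! Each VRF has its own interfaces and routing table, so there is no
! route-map to get wrong and no way for VLAN 3 traffic to reach ISP-2.
ip vrf ISP1
 rd 65000:1
ip vrf ISP2
 rd 65000:2
!
interface GigabitEthernet0/0
 description Uplink to ISP-1
 ip vrf forwarding ISP1
 ip address 192.0.2.2 255.255.255.252
interface GigabitEthernet0/1
 description Uplink to ISP-2
 ip vrf forwarding ISP2
 ip address 198.51.100.2 255.255.255.252
!
! One sub-interface per ASA context, each placed in the matching VRF
interface GigabitEthernet0/2.11
 encapsulation dot1Q 11
 ip vrf forwarding ISP1
 ip address 172.16.1.1 255.255.255.252
interface GigabitEthernet0/2.12
 encapsulation dot1Q 12
 ip vrf forwarding ISP2
 ip address 172.16.2.1 255.255.255.252
!
! Default route out of each VRF, plus the return route to its own VLAN
ip route vrf ISP1 0.0.0.0 0.0.0.0 192.0.2.1
ip route vrf ISP1 10.3.0.0 255.255.255.0 172.16.1.2
ip route vrf ISP2 0.0.0.0 0.0.0.0 198.51.100.1
ip route vrf ISP2 10.5.0.0 255.255.255.0 172.16.2.2
```

Note that `ip vrf forwarding` must precede `ip address` on an interface, since assigning the VRF clears any address already configured. Option 2 pairs naturally with dedicated (non-shared) context interfaces on the ASA, giving one isolated path per VLAN end to end; Option 1 is shorter but depends on the PBR match set staying in step with the ASA's NAT configuration.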

shridhar76 Thu, 10/29/2009 - 01:51

Can you please be more specific? I have posted the network design with this question.

Herbert Baerten Thu, 10/29/2009 - 02:09

Well, can you clarify your current question please? You wrote "If i am keeping router above on my ASA" but in your design there are 2 routers above the ASA...

shridhar76 Thu, 10/29/2009 - 02:23

Okay, here is my question.

According to our requirements, if I configure Security Context, will I be able to do the following?

1. ISP 1 will be terminating on Router-A

2. ISP 2 will be terminating on Router-B

3. Traffic from VLAN 2 should use only ISP-2 to go out.

4. Traffic from VLAN 3 should use only ISP-1 to go out.

5. Will I be able to tunnel VPN traffic in and out from ISP-1 and 2 to VLAN and VLAN to ISP-1 and 2?

If you need any more clarification please let me know.
