VPN on ASA 5510 Using Security Context Scenario

shridhar76
Level 1

Is this possible after enabling Security Context on ASA 5510?

Requirement:

Will I be able to dedicate VLAN 5 traffic (red line) to use ISP-2 to communicate with the outside world and vice versa if I enable Security Context on the ASA 5510?

Will I be able to dedicate VLAN 3 traffic (blue line) to use ISP-1 to communicate with the outside world and vice versa?

Will I be able to configure VPN when we enable Security Context on the ASA 5510?


Herbert Baerten
Cisco Employee

To the first question(s): Yes, this separation of traffic is precisely what security contexts are meant for, i.e. you will have 2 "virtual firewalls", each with their own (sub)interfaces and their own routing table.

To the second question: unfortunately no, you cannot configure VPN in multi-context mode (yet - this may be supported at some point in the future).

Hi,

If I am keeping a router above my ASA, then can I do this or not? Because some guys are telling me that we can.

Shridhar

You mean have a single router on the outside of the ASA?

Should be no problem, it just gets a bit more complex, i.e. you can either:

- configure a shared outside interface on the ASA, and PBR (Policy Based Routing) on the router (since you cannot route based on destination, you will need to route based on source address)

OR

- keep the traffic totally separated by configuring VRF-lite on the router, so you get 2 virtual routers, each with its own (sub)interfaces and routing table (very similar to contexts on the ASA).
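
The first option above (shared outside interface on the ASA, source-based PBR on a single router), sketched as an IOS configuration. This is an added example, not part of the original thread; every address, interface name, ACL number and route-map name is an assumed placeholder.

```cisco
! Constructed example: all values below are placeholders (documentation ranges).
! 192.0.2.0/26    = shared segment between the router and the ASA outside interface
! 192.0.2.8/29    = outside/NAT addresses used by the context that must exit via ISP-1
! 192.0.2.16/29   = outside/NAT addresses used by the context that must exit via ISP-2
! 198.51.100.1    = ISP-1 next hop, 203.0.113.1 = ISP-2 next hop
!
! Classify by SOURCE address, since both contexts reach the same destinations
access-list 101 permit ip 192.0.2.8 0.0.0.7 any
access-list 102 permit ip 192.0.2.16 0.0.0.7 any
!
route-map CONTEXT-TO-ISP permit 10
 match ip address 101
 set ip next-hop 198.51.100.1
!
route-map CONTEXT-TO-ISP permit 20
 match ip address 102
 set ip next-hop 203.0.113.1
!
! Traffic matching neither entry falls through to the normal routing table.
! Apply the policy inbound on the router interface that faces the ASA.
interface GigabitEthernet0/0
 description To ASA shared outside interface
 ip address 192.0.2.1 255.255.255.192
 ip policy route-map CONTEXT-TO-ISP
```

`show route-map CONTEXT-TO-ISP` lists the policy-routing match counters per entry, which confirms that each context's traffic is hitting the intended sequence.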

Can you please be more specific? I have posted the network design with this question.

Well, can you clarify your current question please? You wrote "If i am keeping router above on my ASA" but in your design there are 2 routers above the ASA...

Hi Buddy,

Okay, here is my question.

According to our requirements, if I configure Security Context, will I be able to do the following?

1. ISP 1 will be terminating on Router -A

2. ISP 2 will be terminating on Router -B

3. Traffic from VLAN 2 should use only ISP-2 to go out.

4. Traffic from VLAN 3 Should use only ISP-1 to go out.

3. Will I be able to tunnel VPN traffic in and out from ISP-1 and 2 to VLAN and VLAN to ISP-1 and 2?

If you need any more clarification, please let me know.

Thanks in Advance

Shridhar
