10-28-2009 10:14 PM - edited 03-11-2019 09:33 AM
Is this possible after enabling Security Context on ASA 5510 .
Requirement:
Will be able to allow Dedicatedly Vlan 5 Traffic (In Red Line) to use ISP-2 to communicate outer world and Vise versa if I enable Security Context in ASA 5510
Will be able to allow Dedicatedly Vlan 3 Traffic (In Blue Line) to use ISP-1 to communicate outer world and Vise versa.
Will be able to configure VPN when we enable Security Context on ASA 5510
10-29-2009 12:18 AM
To the first question(s): Yes, this separattion of traffic is precisely what security contexts are meant for, i.e. you will have 2 "virtual firewalls" each with their own (sub)interfaces and their own routing table.
To the second question: unfortunately no, you cannot configure VPN in multi-context mode (yet - this may be supported at some point in the future).
10-29-2009 12:53 AM
HI ,
If i am keeping router above on my ASA then can i do this or not.. Because some guys are telling that we can do.
Shridhar
10-29-2009 01:23 AM
You mean have a single router on the outside of the ASA?
Should be no problem, it just gets a bit more complex, i.e. you can either:
- configure a shared outside interface on the ASA, and PBR (Policy Based Routing) on the router (since you cannot route based on destination, you will need to route based on source address)
OR
- keep the traffic totally separated by configuring VRF-lite on the router, so you get 2 virtual routers, each which its own (sub)interfaces and routing table (very similar to contexts on the ASA).
10-29-2009 01:51 AM
Can you please be more specific i have posted the Network Design with this Question.
10-29-2009 02:09 AM
Well, can you clarify your current question please? You wrote "If i am keeping router above on my ASA" but in your design there are 2 routers above the ASA...
10-29-2009 02:23 AM
Hi Buddy,
Okey here is my Question.
According to our requirements if i configure Security Context will i be able to do the following.
1. ISP 1 will be terminating on Router -A
2. ISP 2 will be terminating on Router -B
3. Traffic from VLAN 2 should use only ISP-2 to go out.
4. Traffic from VLAN 3 Should use only ISP-1 to go out.
3. will i be able to Tunnel VPN traffic in and out from ISP-1 and 2 to VLANand VLAN to ISP-1 and 2
If you need any more clarrifcation plz let me know
Thanks in Advance
Shridhar
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: