Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

5510 with CSC module, multiple context confusion??

one of my client has following requirement for ASA 5510 with CSC.

They want to publish their emails (DMZ) and want to use asa just like standard firewall setup.

On same ASA they want to connect 15 guest user on there n/w with complete different firewall and content filtering policies. My question:

1- If i use security context. Can i still use VPN features and content filtering

2- Can i define complete different zone for these guest users and define different content filtering policies.

If both are possible which one is more appropriate.

4 REPLIES

Re: 5510 with CSC module, multiple context confusion??

Hi Omair,

VPN is not supported in context mode.

Community Member

Re: 5510 with CSC module, multiple context confusion??

Hmm but i need IPSEC VPN and probably 4-10 SSL VPN beside IPSEC.

Means i cannot use security context for this problem...

what if define 4 zones inside--outside--DMZ--GUEST and

Assign different firewall and content filtering properties for inside and GUEST zone.

In guest zone i will have different subnet and only guest machines will be connected there..

Kindly reply

Community Member

Re: 5510 with CSC module, multiple context confusion??

Kindly help to sort it out!!!!

Become critical for me

Re: 5510 with CSC module, multiple context confusion??

Hi Omar,

Yes creating a Guest zone is what people do generally.

Then you have to configure access-lists for the Guest zone IP subnet permitting only the required services like http, mail etc.. Rest all traffic from and to the guest zone should be denied.

I believe this should suffice the requirement of your management.

Also make sure the guest zone is on an isolated vlan on the switch.

134
Views
8
Helpful
4
Replies
CreatePlease to create content