With multiple context mode, you can partition a physical firewall into multiple standalone firewalls. Each standalone firewall acts and behaves as an independent entity with its own configuration, interfaces, security policies, routing table, and administrators. In Cisco ASA, these virtual firewalls are known as security contexts.
The following are some example scenarios in which security contexts are useful in network deployments:
You act as a service provider and you want to provide firewall services to customers. However, you do not want to purchase additional physical firewalls for each customer.
You administer a large enterprise with different departmental groups, and each department wants to implement its own security policies.
You have overlapping networks in your organization and you want to provide firewall services to all of those networks without changing the addressing scheme.
You currently manage many physical firewalls and you want to integrate security policies into one physical firewall.
So in your case, you have clients connecting to your firewall via VPN to access internal resources, so you don't need to apply any additional context to your firewall.
So I have three customers who want to access my internal network through the firewall.
My internal network has VLAN 10,20,30,40,and
Customer A wants to access only VLAN 10
Customer B wants to access only VLAN 10,20
Customer C wants to access only VLAN 10,20,30,40,50.
Does multiple security context apply to this scenario? Or is it just better to go with single context mode? Security is my main concern; does multiple security context make it more secure here? The reason I said that is they can have their own routing table.