Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4816
Views
0
Helpful
1
Replies

ASA Multiple contexts with inter-context communication

Billy Dodson
Level 1
Level 1

‎11-12-2010 02:51 PM - edited ‎03-11-2019 12:08 PM

I am trying to wrap my head around the ASA with multiple context.  I understand how you assign interfaces and what not to the context, what I am trying to figure out is how to allow the context to communicate with each other.

Say I have an organization with 3 seperate companies, owned by the own parent organization.  These 3 companies are going to share the same data center.

I need 4 context + admin.  One for each company, plus a shared zone with things like webservers, they are also going to share the same callmanager cluster.

I need to be able to firewall the connectivity between the 3 different companies, and unsure how to use contexts to do this.  If I have a seperate vlan for each company with a sub interface tagged in the respected vlan for each company, how to you permit traffic to flow from one to the other?  Do you need a shared zone where the traffic would be routed?

I found a document detailing how the shared network will function and be configured, but I have not seen any documentation on traffic between the contexts.

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎11-12-2010 03:18 PM

Billy

You basically have 2 options for inter-context traffic -

1) use shared interfaces as you have already suggested and these can be useful for shared resources

2) route between the contexts ie. if company A being context A wants to get to company B behind context B you go through the inside interface of context A out the outside to the next-hop router and then route the traffic to the outside interface of company B and then through context B to the inside interface.

Obviously using 2 is keepoing complete segregation between the companies and treating each companies firewall as a completely independant firewall.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card