ASA Multiple contexts with inter-context communication
I am trying to wrap my head around the ASA with multiple contexts. I understand how you assign interfaces and whatnot to the contexts; what I am trying to figure out is how to allow the contexts to communicate with each other.
Say I have an organization with 3 separate companies, owned by the one parent organization. These 3 companies are going to share the same data center.
I need 4 contexts + admin: one for each company, plus a shared zone with things like web servers. They are also going to share the same CallManager cluster.
I need to be able to firewall the connectivity between the 3 different companies, and am unsure how to use contexts to do this. If I have a separate VLAN for each company with a subinterface tagged in the respective VLAN for each company, how do you permit traffic to flow from one to the other? Do you need a shared zone where the traffic would be routed?
I found a document detailing how the shared network will function and be configured, but I have not seen any documentation on traffic between the contexts.
Re: ASA Multiple contexts with inter-context communication
You basically have 2 options for inter-context traffic -
1) use shared interfaces, as you have already suggested; these can be useful for shared resources
2) route between the contexts, i.e. if company A, being context A, wants to get to company B behind context B, you go through the inside interface of context A, out the outside to the next-hop router, and then route the traffic to the outside interface of company B and then through context B to the inside interface.
Obviously using 2 is keeping complete segregation between the companies and treating each company's firewall as a completely independent firewall.
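
Added example, not part of the original thread and not configuration from either poster: a sketch of option 2 for two of the company contexts, where each context has its own outside subinterface facing the next-hop router. Context names, VLAN IDs, addresses, the ACL name and the permitted flow are all constructed placeholders. It assumes no NAT between the companies and that the next-hop router (192.0.2.1 / 192.0.2.9) has routes for 10.1.0.0/24 via 192.0.2.2 and 10.2.0.0/24 via 192.0.2.10.

```cisco
! --- System execution space: define subinterfaces and hand them to contexts ---
interface GigabitEthernet0/0.101
 vlan 101
interface GigabitEthernet0/0.102
 vlan 102
interface GigabitEthernet0/1.11
 vlan 11
interface GigabitEthernet0/1.12
 vlan 12
!
context companyA
 allocate-interface GigabitEthernet0/0.101
 allocate-interface GigabitEthernet0/1.11
 config-url disk0:/companyA.cfg
context companyB
 allocate-interface GigabitEthernet0/0.102
 allocate-interface GigabitEthernet0/1.12
 config-url disk0:/companyB.cfg
!
! --- Inside context companyA ---
interface GigabitEthernet0/0.101
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.248
interface GigabitEthernet0/1.11
 nameif inside
 security-level 100
 ip address 10.1.0.1 255.255.255.0
! Company B's inside network is reached via the next-hop router
route outside 10.2.0.0 255.255.255.0 192.0.2.1
!
! --- Inside context companyB ---
interface GigabitEthernet0/0.102
 nameif outside
 security-level 0
 ip address 192.0.2.10 255.255.255.248
interface GigabitEthernet0/1.12
 nameif inside
 security-level 100
 ip address 10.2.0.1 255.255.255.0
route outside 10.1.0.0 255.255.255.0 192.0.2.9
! Traffic from company A arrives on B's outside like any external traffic,
! so only explicitly permitted flows pass; everything else is denied and logged
access-list OUTSIDE_IN extended permit tcp 10.1.0.0 255.255.255.0 host 10.2.0.20 eq 443
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

Each context enforces its own policy, so a flow from company A to company B is inspected twice: once leaving context A and once entering context B.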