We have a hosted data center environment. We use dual ASA 5510s for connections going out to the Internet. On the internal side of the ASA 5510, we use unique VLANs to identify different hosted customers and also to isolate traffic among them. Recently we ran into an issue where one customer cannot email another customer when both of their email servers reside in our hosted environment. For example,
Customer A's email server is configured with 10.10.1.1, with its public IP mapped on the ASA 5510 as 184.108.40.206. Customer B's email server is configured with 192.168.2.1, with its public IP mapped on the same ASA 5510 as 220.127.116.11. When customer A sends email to customer B, the traffic gets blocked, which is expected on the ASA. Now we are trying to keep the proper security while somehow allowing the 2 customers to exchange emails.
We could configure specific ACLs to do the job, but it will not be manageable if there are 50 customers that need to email another 50 customers in the same environment...
In most enterprise deployments that host hundreds of tenants, they would normally use Cisco FWSM running in multi-context mode. This means one virtual FW per customer. On the switching side, Cisco Nexus 7K is used instead.
P/S: if you think this comment is useful, please do rate it nicely :-)
Ramraj Sivagnanam Sivajanam
Technical Specialist/Service Delivery Manager – Managed Service Department