Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN on ASA 5510 Using Security context senairo

Is this possible after enabling Security Context on ASA 5510 .

Requirement:

Will be able to allow Dedicatedly Vlan 5 Traffic (In Red Line) to use ISP-2 to communicate outer world and Vise versa if I enable Security Context in ASA 5510

Will be able to allow Dedicatedly Vlan 3 Traffic (In Blue Line) to use ISP-1 to communicate outer world and Vise versa.

Will be able to configure VPN when we enable Security Context on ASA 5510

6 REPLIES
Cisco Employee

Re: VPN on ASA 5510 Using Security context senairo

To the first question(s): Yes, this separattion of traffic is precisely what security contexts are meant for, i.e. you will have 2 "virtual firewalls" each with their own (sub)interfaces and their own routing table.

To the second question: unfortunately no, you cannot configure VPN in multi-context mode (yet - this may be supported at some point in the future).

New Member

Re: VPN on ASA 5510 Using Security context senairo

HI ,

If i am keeping router above on my ASA then can i do this or not.. Because some guys are telling that we can do.

Shridhar

Cisco Employee

Re: VPN on ASA 5510 Using Security context senairo

You mean have a single router on the outside of the ASA?

Should be no problem, it just gets a bit more complex, i.e. you can either:

- configure a shared outside interface on the ASA, and PBR (Policy Based Routing) on the router (since you cannot route based on destination, you will need to route based on source address)

OR

- keep the traffic totally separated by configuring VRF-lite on the router, so you get 2 virtual routers, each which its own (sub)interfaces and routing table (very similar to contexts on the ASA).

New Member

Re: VPN on ASA 5510 Using Security context senairo

Can you please be more specific i have posted the Network Design with this Question.

Cisco Employee

Re: VPN on ASA 5510 Using Security context senairo

Well, can you clarify your current question please? You wrote "If i am keeping router above on my ASA" but in your design there are 2 routers above the ASA...

New Member

Re: VPN on ASA 5510 Using Security context senairo

Hi Buddy,

Okey here is my Question.

According to our requirements if i configure Security Context will i be able to do the following.

1. ISP 1 will be terminating on Router -A

2. ISP 2 will be terminating on Router -B

3. Traffic from VLAN 2 should use only ISP-2 to go out.

4. Traffic from VLAN 3 Should use only ISP-1 to go out.

3. will i be able to Tunnel VPN traffic in and out from ISP-1 and 2 to VLANand VLAN to ISP-1 and 2

If you need any more clarrifcation plz let me know

Thanks in Advance

Shridhar

298
Views
0
Helpful
6
Replies
CreatePlease to create content