Re: traffic policy on ASA

S M85 · ‎07-14-2008

I was wondering if it was possible to make a traffic policy where i can decide to push trafic to another inside interface.

For example we are using 2 ports on the ASA 1 outside, second one for inside. On the inside there are several customers on the same trunk interface.

One customer of ours want to inspect his trafic for spam and several other kind of purposes (baracuda webfilter). Is it possible that i can make a traffic policy to filter my customers traffic. And forward that to the 2 other interfaces on ASA. SO that only the traffic of that customer flows trough INSIDE -> APPLIANCE -> OUTSIDE.

The other solution would be to remove the customer from the trunk and placed that on the 3rd interface of the ASA but then i need another port on the shared switch. (so than it would be INSIDE CUSTOMER -> LAN BARACUDA -> WAN BARACUDA -> INSIDE ASA "customer B" -> OUTSIDE ASA)

I really appreciate if someone knows an answer to my first question.

regards,

Sander

Marwan ALshawi · ‎07-14-2008

sure it possible

what you need to do it make sube interfaces on your inside interface

then you need to make you ASA in mutiple context

and assigne each customer to a defrent context and alocate each inside interface to defrent context and assign the outide interface to all context

so in this way ur ouside interface will be a shared interface between them all

in this way you can handel each context as saparat virtual firewall and apply deffrent policy and ACLs.. so on

but without VPN

good luck

Rate if helpful