https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235745#M861324 <HTML><HEAD></HEAD><BODY><P>Absolutely. I would create a new DMZ for each customer. Use 'inside' for your internal network and 'outside' for the public network if you have that connection.</P></BODY></HTML> Thu, 02 Apr 2009 13:42:29 GMT Collin Clark 2009-04-02T13:42:29Z https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235740#M861317 <P>Is it possible to create the following design:</P><P></P><P>1) Multiple Contexts: Customer Internal Network; Business Partner A, Business Partner B</P><P>2) Customer net can talk to Business Partner A and B (from the inside)</P><P>3) Business Partners can't talk to each other.</P><P></P><P>If this is possible, am I gaining any additional security with using this type of context design vs. putting the business partner connectivity in DMZ interfaces and using ACLs?</P><P></P><P></P><P> </P><P></P> Mon, 11 Mar 2019 15:13:16 GMT https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235740#M861317 captain131 2019-03-11T15:13:16Z https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235741#M861318 <HTML><HEAD></HEAD><BODY><P>Is there a specific reason why you would not have a single context and use a different interface for Internal, BP-A, and BP-B? It's possible to do it with multiple contexts, but I think it would be easier to do it with a single context.</P><P></P><P>Hope that helps.</P></BODY></HTML> Wed, 01 Apr 2009 20:27:50 GMT https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235741#M861318 Collin Clark 2009-04-01T20:27:50Z https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235742#M861319 <HTML><HEAD></HEAD><BODY><P>No specific reason. My reasoning (which may be convoluted are completely off) was to give each business partner the security of being seperated by a virtual firewall from one another. It's not a strict requirement, but more of a design "thought" I had when reviewing the functionality of contexts. It sounds like I'm making it more complicated than it needs to be?</P></BODY></HTML> Thu, 02 Apr 2009 11:51:09 GMT https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235742#M861319 captain131 2009-04-02T11:51:09Z https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235743#M861320 <HTML><HEAD></HEAD><BODY><P>I can understand your thinking, but IMO using a single context can be just as secure. I only use multiple contexts when necessary. Also keep in mind that you can not use VPN with multiple contexts. </P></BODY></HTML> Thu, 02 Apr 2009 13:11:56 GMT https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235743#M861320 Collin Clark 2009-04-02T13:11:56Z https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235744#M861321 <HTML><HEAD></HEAD><BODY><P>Hi Colin - Thanks for the feedback. I've had similar feedback from other engineers I spoke with offline. I will very likely go back to the single context mode. Would you suggest using DMZ's as part of the design?</P></BODY></HTML> Thu, 02 Apr 2009 13:35:56 GMT https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235744#M861321 captain131 2009-04-02T13:35:56Z https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235745#M861324 <HTML><HEAD></HEAD><BODY><P>Absolutely. I would create a new DMZ for each customer. Use 'inside' for your internal network and 'outside' for the public network if you have that connection.</P></BODY></HTML> Thu, 02 Apr 2009 13:42:29 GMT https://community.cisco.com/t5/network-security/communication-between-asa-multiple-contexts/m-p/1235745#M861324 Collin Clark 2009-04-02T13:42:29Z