topic ASA multiple context question. in Network Security

ASA multiple context question.

LC O — Fri, 21 Feb 2020 15:59:30 GMT

I need an advised if this is possible to do in multiple context. I have a cisco 5516x and i want to used the the first port for isp and the 2nd port will have sub interfaces for internal network used i.e internal1 and internal2. Just wondering if its possible to used layer2 switch with this scenario.Thanks

Re: ASA multiple context question.

Pawan Raut — Tue, 17 Jul 2018 04:23:05 GMT

This is possible.

You can use first port Gi0/0 directly connecting to ISP and you can connect the second port Gi0/1 to layer two switch for internal network. You have to configure vlan on switch lets say vlan 10 (internal1) vlan 20 (internal 20). on switch where the ASA Gi0/1 connected switch port make that port as trunk and pass both vlan 10,20 in trunk.

Sample configuration as below.

on Switch

vlan 10

name internal1

vlan 20

name internal1

int Gi1/0/1

switch mode trunk

switch trunk allowed vlan 10.20

on ASA in system context

int Gi0/1.10

vlan 10

int Gi0/1.20

vlan 20

context abc

allocate-int Gi0/0

allocate-int Gi0/1.10

allocate-int Gi0/1.20

config-url abc.cfg

changeto context abc

int Gi0/0

nameif isp

sec 0

ip add 1.1.1.1 255.255.255.0

int Gi0/0.10

nameif internal1

sec 100

ip add 10.1.10.1 255.255.255.0

int Gi0/0.20

nameif internal2

sec 100

ip add 10.1.20.1 255.255.255.0

Kindly rate for useful post

Re: ASA multiple context question.

LC O — Tue, 17 Jul 2018 15:00:35 GMT

Thank you, Pawan. This is helpful enough for me. One last thing if i have unmanaged switch is this something that i can work on with multiple context.

Re: ASA multiple context question.

Pawan Raut — Wed, 18 Jul 2018 06:13:59 GMT

As non-managed switches don't have a way to define or manage VLANs nor do they support VLAN frame tagging for trunk support