Hello, I'm trying to solve a problem (or to try to undertand if this problem has a solution) regarding multiple contexts on a pair of ASA-5516.
This pair of ASA should be used to connect a single CISCO 3580 (let's call it VSS) to 3 different sites (each of them with unspecified active/passive firewall pairs, let's call them FW1, FW2, FW3)
These pairs are completely independent, so it would be necessary to be able to react to separate failover of these remote pairs.
My first idea was to use multiple context, with an active/active configuration, so that in case of a failure of a remote active (es. FW3), the context 3 would failover to the 2nd unit.
Anyway, reading the documentation, it seems to me that it is impossible to make the 3 contexts completely independent, as the tracking is done on failover groups, not on contexts, and that a maximum of 2 failover groups are available on a cluster.
Is this correct, that I can't just define 3 completely independent contexts ?
Is there any alternative solution to this problem, taking into account that I have to use these 5516 ?
Thanks for your advices and opinions on this matter
Setting up some 3rd party devices for my Fire and Rescue trucks that will VPN back to our FPR-2110. I can blatantly see what's going on with the IKEv2 platform and protocol debugs on. It's selecting the wrong dynamic map!IKEv2-PLAT-4: (32): Cry...
On January 22, 2020, the Cisco Product Security Incident Response Team (PSIRT) disclosed a vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC). The vulnerability could allow an unauthenticated, remote attac...
Meet the Authors Event - A Cybersecurity Deep Dive with Omar Santos
(Live event – Thursday, January 23rd, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris)
This event will have place on Thursday 23rd, January 2020 at 10hrs PDT
Posting this for anyone interested in using a Raspberry PI as a flow collector for Stealthwatch. We created a very lightweight version of our software. It can create flows if the eth port is attached to a SPAN or you can forward NetFlow/IPFIX ...