06-24-2008 10:43 PM - edited 03-12-2019 05:57 PM
One of my clients has the following requirement for an ASA 5510 with CSC.
They want to publish their emails (DMZ) and want to use the ASA just like a standard firewall setup.
On the same ASA they want to connect 15 guest users on their network with completely different firewall and content filtering policies. My questions:
1- If I use security contexts, can I still use VPN features and content filtering?
2- Can I define a completely different zone for these guest users and define different content filtering policies?
If both are possible, which one is more appropriate?
06-24-2008 11:45 PM
Hi Omair,
VPN is not supported in context mode.
06-25-2008 03:21 AM
Hmm, but I need IPSEC VPN and probably 4-10 SSL VPN besides IPSEC.
Means I cannot use security contexts for this problem...
What if I define 4 zones, inside--outside--DMZ--GUEST, and assign different firewall and content filtering properties for the inside and GUEST zones?
In the guest zone I will have a different subnet and only guest machines will be connected there.
Kindly reply
06-25-2008 11:03 PM
Kindly help to sort it out!!!!
It has become critical for me
06-25-2008 11:40 PM
Hi Omar,
Yes, creating a Guest zone is what people generally do.
Then you have to configure access-lists for the Guest zone IP subnet permitting only the required services like http, mail etc. All other traffic from and to the guest zone should be denied.
I believe this should suffice for the requirement of your management.
Also make sure the guest zone is on an isolated VLAN on the switch.
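
A configuration sketch of the guest-zone approach described in the reply above, added here as an illustration and not posted by any participant in the thread. The physical port, the ACL name `GUEST_IN`, the security level and all subnets are constructed assumptions; adjust the permitted services to what the guests actually need.

```text
! Added example. Constructed values (assumptions, not from the thread):
!   guest  192.168.50.0/24 on Ethernet0/3
!   inside 192.168.1.0/24, DMZ 192.168.2.0/24
interface Ethernet0/3
 nameif guest
 ! Lower than inside and DMZ, higher than outside (0)
 security-level 10
 ip address 192.168.50.1 255.255.255.0
 no shutdown
!
! ACLs are evaluated top-down, first match wins, so block the
! internal networks before permitting anything to "any".
! Blocking the DMZ is an assumption; add a narrow permit above it
! if guests must reach a published server there.
access-list GUEST_IN extended deny ip 192.168.50.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list GUEST_IN extended deny ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0
!
! Permit only the required services from the guest subnet.
access-list GUEST_IN extended permit udp 192.168.50.0 255.255.255.0 any eq domain
access-list GUEST_IN extended permit tcp 192.168.50.0 255.255.255.0 any eq www
access-list GUEST_IN extended permit tcp 192.168.50.0 255.255.255.0 any eq https
access-list GUEST_IN extended permit tcp 192.168.50.0 255.255.255.0 any eq smtp
access-list GUEST_IN extended permit tcp 192.168.50.0 255.255.255.0 any eq pop3
!
! The implicit deny already drops the rest; the explicit entry adds logging.
access-list GUEST_IN extended deny ip any any log
!
! Apply to traffic entering the ASA from the guest segment.
access-group GUEST_IN in interface guest
```

Traffic from the inside interface toward the guest segment is governed by the inside interface's own policy, so review that ACL as well if nothing should be able to initiate connections to guest machines.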