
About the combination of VRF with ASA multiple context mode.

jixinwei007
Level 1

Right now I am doing O&M for a small-scale data center which has multiple VRF instances combined with an ASA multiple context firewall.

I have found that it is quite common to route multiple firewalls through a security device to enforce a security boundary.

However, if VRF adds an rd-tag in front of the IP header, how is the virtual firewall in the ASA supposed to decide that it is a legal IP header?

1 Reply

Jon Marshall
Hall of Fame

Not sure I understand the question.

ASAs do not support VRFs but the VRF would simply terminate on the ASA, i.e. to the ASA it is just receiving IP packets, it has no idea these are part of a VRF.

The packets within a VRF don't have an RD in the IP header, the RD is used by MP-BGP.

If you mean MPLS labels then the ASA doesn't support MPLS either.

Perhaps I have misunderstood, and if so can you clarify the question?

Jon
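
The distinction drawn in the reply above, as an added example that is not part of the original thread: the RD is an 8-byte value prepended to a prefix inside MP-BGP routing updates (RFC 4364), while the packet a firewall receives carries only the ordinary 20-byte IPv4 header. The VRF names, RD values and addresses are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample: two VRFs that reuse the same customer prefix.
VRFS = {"RED": "65000:10", "BLUE": "65000:20"}
PREFIX = "10.0.0.0/24"

def encode_rd(rd: str) -> bytes:
    """Encode 'ASN:nn' (type 0) or 'a.b.c.d:nn' (type 1) as an 8-byte RD."""
    admin, number = rd.rsplit(":", 1)
    if "." in admin:
        ip = ipaddress.IPv4Address(admin).packed
        return struct.pack("!H4sH", 1, ip, int(number))
    return struct.pack("!HHI", 0, int(admin), int(number))

def decode_rd(raw: bytes) -> str:
    """Decode the three RD types defined in RFC 4364 section 4.2."""
    if len(raw) != 8:
        raise ValueError("an RD is exactly 8 bytes")
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:                      # 2-byte ASN : 4-byte number
        asn, number = struct.unpack("!HI", raw[2:])
        return f"{asn}:{number}"
    if rd_type == 1:                      # IPv4 address : 2-byte number
        ip, number = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(ip)}:{number}"
    if rd_type == 2:                      # 4-byte ASN : 2-byte number
        asn, number = struct.unpack("!IH", raw[2:])
        return f"{asn}:{number}"
    raise ValueError(f"unknown RD type {rd_type}")

def vpnv4_address(rd: str, prefix: str) -> bytes:
    """Control plane: VPN-IPv4 address = RD + IPv4 prefix, carried in MP-BGP."""
    net = ipaddress.ip_network(prefix)
    return encode_rd(rd) + net.network_address.packed

def ipv4_header(src: str, dst: str) -> bytes:
    """Data plane: plain 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def compare():
    """Return the per-VRF routes and the per-VRF packets for the same flow."""
    routes = {name: vpnv4_address(rd, PREFIX) for name, rd in VRFS.items()}
    packets = {name: ipv4_header("10.0.0.5", "192.0.2.10") for name in VRFS}
    return routes, packets

if __name__ == "__main__":
    routes, packets = compare()
    for name in VRFS:
        print(name, decode_rd(routes[name][:8]), routes[name].hex(), packets[name].hex())
```

The two routes differ only in their RD, while the two packets are byte-for-byte identical, so separation on the firewall has to come from which interface or context the traffic arrives on.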
