ASA 5580 multiple contexts for two isp links and VPN

vaishalin · ‎02-16-2011

Following is our setup

Two sites with ASA5580(site-office) and ASA5505(head 0ffice) having internet connectivity
and site-to-site VPN configuration.

Now at site-office we are having two internet links ISP1 and ISP2.
We want to divert internet traffic on two links.

We are planning to do multiple contexts on ASA5580 to do this.

We want user+server use ISP1 and citizen use ISP2.

We will keep user+server+ISP1 in one context and citizen+ISP2 in another context.

Now we want citizen to access server.Can we achieve this routing between contexts
We cant use ISPs routers to do this routing.
How we can do this in ASA?

Second we want to keep site-to-site VPN configuration as it is through ISP1 link.

Please guide us with step by step configuration.

Also please give any reference document.

Thanks and Regards
Vaishali

PAUL GILBERT ARIAS · ‎02-16-2011

Hi,

If you are going to have two contexts each with one ISP connection and you want to route traffic between the two contexts then the external router should handle the routing, the ASA cannot move the traffic from one context to the other without sending the traffic to another L3 device.

Regarding the VPN question you won't be able to configure the ASA with multiple context and use one context for a Lan to Lan setup since it is not supported.

Please read:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/contexts.html#wp1116132

I hope this helps.

vaishalin · ‎02-16-2011

Hi

If we keep user network and ISP1 link in one context

and configure VPN for user network and othe side (head-office) lan will it work?

We require both configurations to work....VPN and multiple context.

Regards

Vaishali