09-17-2012 08:41 AM - edited 03-11-2019 04:55 PM
Hi all, Greetings,
I have an ASA 5510 system currently in single context mode, with CSC SSM installed. Single ISP uplink to the internet, no VPN. Now the customer would like to add another ISP uplink, without investing in another box for HA ...
What comes to my mind is to make the current box multi context. There are some areas I am concerned about, and I also need your perspective on them.
Question 1
To make the firewall multi context, do I need to do it from scratch: issue the mode multiple command, then rebuild the current production config into one of the contexts, then another context meant for the new IPS uplink, and one admin context?
Question 2
For the CSC-SSM licensing requirement, the ASA 5510 model with the Security Plus license is able to support 2 contexts. So if I split my firewall like what I mentioned in the question, exactly what number of contexts do I own (admin, context A, context B)?
Question 3
For the CSC-SSM module in multi context mode, must the management port of the CSC SSM be attached to the admin context?
Question 4
After configuring all the policy and traffic to scan, what exactly should I do in order to apply this policy to the interface? Should I only enable it at the admin context, then firewall \ service-policy rules, and apply it globally, OR should I also do the same action on context A and context B?
FACT:
A. ASA Code running on ASA 8.3(1)
B. This box has base license and plus license.
C. CSC SSM version 6.3, with base and plus license.
Thanks
Noel
09-17-2012 09:03 AM
Hello Yong,
1) As soon as you set the ASA to multiple-context mode, all the configuration will be erased, and yes, you will need to start from scratch.
2) Correct, you will be able to use 2 contexts with the Security Plus license:
Security Plus License: 2 contexts.
Optional license: 5 contexts.
3) You will need to configure only 1 security policy, which applies to all contexts (not on the admin context).
4) For further information read the following discussions:
https://supportforums.cisco.com/message/3004042
https://supportforums.cisco.com/thread/2087677
Any other questions? Sure. Just remember to rate all of my posts.
Julio
09-17-2012 06:43 PM
Hi Julio,
Thanks for the reply, and yes, it's very informative.
One more follow-up question:
How can the ASA achieve dual uplink "load balancing", provided that behind the firewall there is an L3 switch that can do routing, PBR etc.?
Thanks
Noel
09-17-2012 08:54 PM
Hello Yong,
You will need to use the layer 3 for the PBR, as the ASA does not support PBR, but let me ask: what is the PBR scenario you are trying to do? What are you trying to accomplish?
Regards,
Julio