Hi all, Greetings,
I got an ASA 5510 system currently in single context mode, with CSC SSM installed. Single ISP uplink to internet, no VPN. And now customer would like add another ISP uplink, without invest another box for HA ...
What come across my mind is make the current box into multi context. There's some area i need to concern and also need yours perspective on it.
Question 1
For making the firewall into multi context, am i need to do it from scratch, issue mode multiple command. Then rebuilt the current production config into one of the context, then another context meant for the new IPS uplink, and one admin context?
Question 2
For CSC -SSM licensing requirement, model ASA 5510 with security plus license is able to support 2 context. So if i split my firewall like what i mention in question, what exactly number of context do i own (admin, context A, context B)?
Question 3
For CSC-SSM module in multi context mode, so the management port of CSC SSM must attach at admin context?
Question 4
After configured all the policy and traffic to scan, how exactly i should do in order apply this policy to the interface? Should i only enable at admin context, then firewall \ service-policy rules, and apply it global, OR should i also do the same action on context A and Context B?
FACT:
A. ASA Code running on ASA 8.3(1)
B.this box have base license and plus license.
C. CSC SSM version 6.3, with base and plus license.
Thanks
Noel