how to implement virtual firewalls in this scenario?

Lasandro Lopez · ‎03-15-2013

One question for this scenarios
THere are two Physical Firewalls 5510 with 4 interfaces.
Firewall01
Interface 1 connected to ISP01 (outside)
Interface 2 connected to Inside network (LAN)
Interface 2 and 4 connected to two some intranet partners.
Firewall 02
Interface 1 connected to ISP02 (outside)
Interface 2 connected to Inside network (LAN)
So my question is:
Could i implement 2 Virtual FIrewalls on only one of the physical firewall, and implement services of virtual firewalls the same as the physical one?
So could i designate a physical interface, to more than one virtual firewall?
If possible, i could implement Active/Pasive on two physical ones, and have all the configuration as in actual schema.
Let me know, regards!

Jennifer Halim · ‎03-17-2013

You can configure multiple virtual firewalls in one physical ASA, it is called multiple context firewalls in ASA.

You can configure Active/Standby failover in 2 ASAs, and with multiple context mode, it is called Active/Active failover. It means that you can have for example Context A and B active on ASA-1 and Context C active on ASA-2, and Context A and B standby on ASA-2, and Context C standby on ASA-1.

Here is some sample configuration for your reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808d2b63.shtml

Hope that helps.