10-30-2012 12:48 AM - edited 03-11-2019 05:16 PM
I have an ASA 5510 and am planning to implement multiple context in a 2 tier security level and vrf-lite, meaning I have 2xASA facing the internet, below that 2x3560 switches for our extranet, and below that another 2xASA for intranet. See diagram below. In this kind of network I want to know how it would impact the total throughput and resources of the ASA using multiple context?
    INTERNET
  |           |
  |           |
2811A       2811B
  |           |
  |           | (OUTSIDE)
ASA_A-------ASA_B
  |           | (INSIDE)
  |           |
3560A-------3560B
  |           |
  |           | (INSIDE)
ASA_C-------ASA_D
  |           |
  |           | (OUTSIDE)
3560C-------3560B
  |           |
INTERNAL NETWORK
10-30-2012 10:28 AM
Hello John,
Pretty nice network design!
Well, my first recommendation is to be aware of the features you will lose when going to multiple context. Then the appliance throughput will be split into the multiple contexts. Same thing with the ASA resources, but you can configure this manually on each context.
As an example:
http://www.howfunky.com/2010/05/cisco-asa-resource-allocation-for.html
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html
Regards,
Julio
10-30-2012 05:54 PM
Hi jcarvaja,
Thanks. This is the first time I will implement this kind of design. You're correct that it will split all the resources and the throughput. I want to know the best practice of configuring the resources.
10-30-2012 06:45 PM
Hello John,
Well, that will depend on how much traffic will go across one specific context (if A has more, then allocate more resources to that one). You will be the one knowing your network and determining what is the best resource class configuration.
Regards,
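A resource-class layout along the lines discussed in this thread, as an added example that is not part of the original posts: the class names, context names and every limit are hypothetical and have to be sized from measured traffic. It is entered in the system execution space of a multiple-context ASA.

```text
! Added example. Class names, context names and all limits are assumptions.
!
! Busier context: larger share of the connection table, higher rate caps.
class HEAVY
  limit-resource conns 60%
  limit-resource rate conns 3000
  limit-resource rate syslogs 3000
  limit-resource ssh 5
  limit-resource asdm 5
!
! Quieter context: smaller share, so a flood here cannot starve HEAVY.
class LIGHT
  limit-resource conns 20%
  limit-resource rate conns 1000
  limit-resource rate syslogs 1000
  limit-resource ssh 5
  limit-resource asdm 5
!
! Contexts with no "member" statement fall into the default class, where
! most resources are unlimited unless capped here.
class default
  limit-resource conns 10%
!
context EXTRANET
  member HEAVY
!
context PARTNER
  member LIGHT
!
! Checks after applying (system execution space):
!   show resource allocation detail
!   show resource usage context EXTRANET
```

Percentages apply only to resources that have a system limit, such as conns; rate-based resources take absolute values. Compare the denied counters in `show resource usage` against the limits before tightening them further.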