Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
4
Helpful
2
Replies

Cisco ASA multiple context mode

Go to solution
Nicholas Beard
Level 1
Level 1

‎11-17-2011 05:01 AM - edited ‎03-07-2019 03:27 AM

Hi all,

Im looking for some clarification regarding running a Cisco ASA in transparent mode with multiple contexts.  To give you an insight into the network design we have the following -

Collapsed Core/Aggregation Layer running Cisco 3750s.  The 2 Cisco 3750s are using SVIs with HSRP for default gateways per customer with a total of 8 customers.  Each customer is segregated into seperate VLANs with Cisco 2960 switches used in the Access layer.  Each customer has 2 Cisco 2960 switches with redundant uplinks to the Core/Aggregation layer.  Customers are spanning tree loadbalanced between core/aggregation switches.

What i need to now do is add two transparent firewalls into the mix in either an active/active or active/standby setup.  I need the firewalls to support all 8 customers,  therefore I am guessing they need to run in multiple context mode.  Having read into this it has left me somewhat confused as to how to integrate them into the above setup as a bump in the wire so to speak.  Any help or guidance on this would be greatly appreciated.

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎11-17-2011 09:29 AM

Hi,

You would need to create 8 transparent contexts (one per customer) and assign 2 vlans in the same subnet to each customer.  For example:

vlan 1 and 11 for customer 1

vlan 2 and 20 for customer 2

vlan 3 and 30 for customer 2

and so on.

Have a look at this config guide for config examples:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/examples.html#wp1010043

HTH

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-17-2011 09:23 AM

Assuming you have the license to run multiple contexts, you can create them with associated configuration per context on the ASA.

One workable solution would be to make the ASA pair to aggregation switch connection a trunk with subinterfaces assigned to each context. The ASA Configuration Guide goes over more details on this approach. There is also an example configuration here.

Hope this helps.

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎11-17-2011 09:29 AM

Hi,

You would need to create 8 transparent contexts (one per customer) and assign 2 vlans in the same subnet to each customer.  For example:

vlan 1 and 11 for customer 1

vlan 2 and 20 for customer 2

vlan 3 and 30 for customer 2

and so on.

Have a look at this config guide for config examples:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/examples.html#wp1010043

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card