Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1005
Views
0
Helpful
4
Replies

ASA Multiple Context for SSL RAVPN

Go to solution
fatalXerror
Level 5
Level 5

‎06-03-2018 11:51 PM - edited ‎03-12-2019 05:20 AM

Hi Guys,

In multiple context mode of ASA, is it feasible to have different interfaces allocated to the each contexts? For example, in context BETA I will allocate G0/0-0/1 and in context ALPHA I will allocate G0/2-0/3?

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Bogdan Nita
VIP Alumni
VIP Alumni
In response to fatalXerror

‎06-06-2018 05:22 AM

Hi @fatalXerror,

Using vlans to differentiate between contexts is possible, config should be something like:

ciscoasa(config)# context new-asa
ciscoasa(config-ctx)# allocate-interface po1.100
ciscoasa(config-ctx)# context old-asa
ciscoasa(config-ctx)# allocate-interface po1.200

Also a possibility is to use a shared interface, in which case you would have the same vlan and interface.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Bogdan Nita
VIP Alumni
VIP Alumni

‎06-04-2018 04:08 AM

I would say that is the main idea of contexts on the asa, just keep in mind that not all anyconnect features are available on the multi context asas.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200353-ASA-Multi-Context-Mode-Remote-Access-A.html

 

HTH

Bogdan

 

0 Helpful

Go to solution
fatalXerror
Level 5
Level 5
In response to Bogdan Nita

‎06-06-2018 04:41 AM

Hi Bogdan,

Thanks for the feedback.

Going back to the multiple context, because I do have 2 old separate firewalls and I want to join them in 1 ASA. Just want to clarify, in the new design, what I can do in the uplink is to be in a per VLAN interface right?

For example, my old ASA-A port G0/0 will be in Po1.100 in my new ASA and my old ASA-B port G0/0 will be in Po1.200 in my new ASA.

Thanks for the help.

0 Helpful

Go to solution
Bogdan Nita
VIP Alumni
VIP Alumni
In response to fatalXerror

‎06-06-2018 05:22 AM

Hi @fatalXerror,

Using vlans to differentiate between contexts is possible, config should be something like:

ciscoasa(config)# context new-asa
ciscoasa(config-ctx)# allocate-interface po1.100
ciscoasa(config-ctx)# context old-asa
ciscoasa(config-ctx)# allocate-interface po1.200

Also a possibility is to use a shared interface, in which case you would have the same vlan and interface.

0 Helpful

Go to solution
fatalXerror
Level 5
Level 5
In response to Bogdan Nita

‎06-06-2018 07:55 PM

Hi Bogdan,

Good Day!

Thanks for the feedback again and possible solution.

However, my clients wants it still to be separated just like their old design in which we just put it in 1 shared machine.

Thanks

0 Helpful
Customers Also Viewed These Support Documents