Solved

Firewall Configuration

Posted on 2013-12-19
6
256 Views
Last Modified: 2013-12-22
I am supposed to setup a Cisco ASA firewall to receive traffic from 3 separate network on the outside interface and those networks need to go through in three separate instance. I believe it has a name, I don't know it. I'm looking for help to configure this. Any detailed step-by-step or any previous help of it has been done would be appreciated.
0
Comment
Question by:SydNal2009
  • 4
  • 2
6 Comments
 
LVL 3

Assisted Solution

by:vyaradaikin
vyaradaikin earned 500 total points
ID: 39729752
Greetings. ASA has a virtualization capability called context. It has a system context, where you configure features like subinterfaces, port-channels, failover and context definition and so. Also it has administration context tha is used for administration and management purposes.
First, you need to understand what goals you need to achieve before start to configure.
Can you draw a scheme for the beginning?
0
 

Author Comment

by:SydNal2009
ID: 39729895
The idea is to create a context for each one of the 3 networks to operate as if each one is on a separate firewall, e.g. being separate. I'm glad you mentioned failover, that was going to be my next research point as well as how to back up the configuration of the firewall in such an environment.
0
 
LVL 3

Assisted Solution

by:vyaradaikin
vyaradaikin earned 500 total points
ID: 39731105
You need not only one network in the context. It must be at least two networks, one for input and one for output.
That's for beginning:

system context config:

interface GigabitEthernet3/1.101
decription link for context1
 vlan 101
interface GigabitEthernet3/1.102
ecription link for context2
vlan 102
interface GigabitEthernet3/1.103
ecription link for context3
vlan 103

context gau
  allocate-interface GigabitEthernet3/1.101
  config-url disk0:/context1.cfg
!

context gau-office
  allocate-interface GigabitEthernet3/1.102
  config-url disk0:/context2.cfg


context wifi
  allocate-interface GigabitEthernet3/1.103
  config-url disk0:/context3.cfg
!



context 1 config:

interface GigabitEthernet3/1.101
nameif outside
security-level 0
ip address 6.6.6.1 255.255.255.248
0
Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

 

Author Comment

by:SydNal2009
ID: 39731816
Thanks very much this is great info. I know I will have to configure those vlans on my switches as well, but As you mentioned you have to setup an IP address for the outside and inside interface. Can I also do all other firewall functions such as NAT? and I were to want want to run a routing protocol such as OSPF how would that be done?
0
 
LVL 3

Accepted Solution

by:
vyaradaikin earned 500 total points
ID: 39732543
ASA is able to do these features and even per context with new version of ASA 9.0 and higher. You can find a lot of material about configuring Cisco ASA here for example.
Also these cisco.com links will help:
Configuring OSPF:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809a417a.shtml
NAT:
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/nat_overview.html
Failover:
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/ha_failover.html
0
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39732546
Let me know if you have trouble with configuring it.
0

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

4 Experts available now in Live!

Get 1:1 Help Now