Solved

Firewall Configuration

Posted on 2013-12-19
6
263 Views
Last Modified: 2013-12-22
I am supposed to setup a Cisco ASA firewall to receive traffic from 3 separate network on the outside interface and those networks need to go through in three separate instance. I believe it has a name, I don't know it. I'm looking for help to configure this. Any detailed step-by-step or any previous help of it has been done would be appreciated.
0
Comment
Question by:SydNal2009
  • 4
  • 2
6 Comments
 
LVL 3

Assisted Solution

by:vyaradaikin
vyaradaikin earned 500 total points
ID: 39729752
Greetings. ASA has a virtualization capability called context. It has a system context, where you configure features like subinterfaces, port-channels, failover and context definition and so. Also it has administration context tha is used for administration and management purposes.
First, you need to understand what goals you need to achieve before start to configure.
Can you draw a scheme for the beginning?
0
 

Author Comment

by:SydNal2009
ID: 39729895
The idea is to create a context for each one of the 3 networks to operate as if each one is on a separate firewall, e.g. being separate. I'm glad you mentioned failover, that was going to be my next research point as well as how to back up the configuration of the firewall in such an environment.
0
 
LVL 3

Assisted Solution

by:vyaradaikin
vyaradaikin earned 500 total points
ID: 39731105
You need not only one network in the context. It must be at least two networks, one for input and one for output.
That's for beginning:

system context config:

interface GigabitEthernet3/1.101
decription link for context1
 vlan 101
interface GigabitEthernet3/1.102
ecription link for context2
vlan 102
interface GigabitEthernet3/1.103
ecription link for context3
vlan 103

context gau
  allocate-interface GigabitEthernet3/1.101
  config-url disk0:/context1.cfg
!

context gau-office
  allocate-interface GigabitEthernet3/1.102
  config-url disk0:/context2.cfg


context wifi
  allocate-interface GigabitEthernet3/1.103
  config-url disk0:/context3.cfg
!



context 1 config:

interface GigabitEthernet3/1.101
nameif outside
security-level 0
ip address 6.6.6.1 255.255.255.248
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:SydNal2009
ID: 39731816
Thanks very much this is great info. I know I will have to configure those vlans on my switches as well, but As you mentioned you have to setup an IP address for the outside and inside interface. Can I also do all other firewall functions such as NAT? and I were to want want to run a routing protocol such as OSPF how would that be done?
0
 
LVL 3

Accepted Solution

by:
vyaradaikin earned 500 total points
ID: 39732543
ASA is able to do these features and even per context with new version of ASA 9.0 and higher. You can find a lot of material about configuring Cisco ASA here for example.
Also these cisco.com links will help:
Configuring OSPF:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809a417a.shtml
NAT:
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/nat_overview.html
Failover:
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/ha_failover.html
0
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39732546
Let me know if you have trouble with configuring it.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question