?
Solved

Firewall Configuration

Posted on 2013-12-19
6
Medium Priority
?
268 Views
Last Modified: 2013-12-22
I am supposed to setup a Cisco ASA firewall to receive traffic from 3 separate network on the outside interface and those networks need to go through in three separate instance. I believe it has a name, I don't know it. I'm looking for help to configure this. Any detailed step-by-step or any previous help of it has been done would be appreciated.
0
Comment
Question by:SydNal2009
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 3

Assisted Solution

by:vyaradaikin
vyaradaikin earned 2000 total points
ID: 39729752
Greetings. ASA has a virtualization capability called context. It has a system context, where you configure features like subinterfaces, port-channels, failover and context definition and so. Also it has administration context tha is used for administration and management purposes.
First, you need to understand what goals you need to achieve before start to configure.
Can you draw a scheme for the beginning?
0
 

Author Comment

by:SydNal2009
ID: 39729895
The idea is to create a context for each one of the 3 networks to operate as if each one is on a separate firewall, e.g. being separate. I'm glad you mentioned failover, that was going to be my next research point as well as how to back up the configuration of the firewall in such an environment.
0
 
LVL 3

Assisted Solution

by:vyaradaikin
vyaradaikin earned 2000 total points
ID: 39731105
You need not only one network in the context. It must be at least two networks, one for input and one for output.
That's for beginning:

system context config:

interface GigabitEthernet3/1.101
decription link for context1
 vlan 101
interface GigabitEthernet3/1.102
ecription link for context2
vlan 102
interface GigabitEthernet3/1.103
ecription link for context3
vlan 103

context gau
  allocate-interface GigabitEthernet3/1.101
  config-url disk0:/context1.cfg
!

context gau-office
  allocate-interface GigabitEthernet3/1.102
  config-url disk0:/context2.cfg


context wifi
  allocate-interface GigabitEthernet3/1.103
  config-url disk0:/context3.cfg
!



context 1 config:

interface GigabitEthernet3/1.101
nameif outside
security-level 0
ip address 6.6.6.1 255.255.255.248
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:SydNal2009
ID: 39731816
Thanks very much this is great info. I know I will have to configure those vlans on my switches as well, but As you mentioned you have to setup an IP address for the outside and inside interface. Can I also do all other firewall functions such as NAT? and I were to want want to run a routing protocol such as OSPF how would that be done?
0
 
LVL 3

Accepted Solution

by:
vyaradaikin earned 2000 total points
ID: 39732543
ASA is able to do these features and even per context with new version of ASA 9.0 and higher. You can find a lot of material about configuring Cisco ASA here for example.
Also these cisco.com links will help:
Configuring OSPF:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809a417a.shtml
NAT:
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/nat_overview.html
Failover:
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/ha_failover.html
0
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39732546
Let me know if you have trouble with configuring it.
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question