• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 270
  • Last Modified:

Firewall Configuration

I am supposed to setup a Cisco ASA firewall to receive traffic from 3 separate network on the outside interface and those networks need to go through in three separate instance. I believe it has a name, I don't know it. I'm looking for help to configure this. Any detailed step-by-step or any previous help of it has been done would be appreciated.
0
SydNal2009
Asked:
SydNal2009
  • 4
  • 2
3 Solutions
 
vyaradaikinCommented:
Greetings. ASA has a virtualization capability called context. It has a system context, where you configure features like subinterfaces, port-channels, failover and context definition and so. Also it has administration context tha is used for administration and management purposes.
First, you need to understand what goals you need to achieve before start to configure.
Can you draw a scheme for the beginning?
0
 
SydNal2009Author Commented:
The idea is to create a context for each one of the 3 networks to operate as if each one is on a separate firewall, e.g. being separate. I'm glad you mentioned failover, that was going to be my next research point as well as how to back up the configuration of the firewall in such an environment.
0
 
vyaradaikinCommented:
You need not only one network in the context. It must be at least two networks, one for input and one for output.
That's for beginning:

system context config:

interface GigabitEthernet3/1.101
decription link for context1
 vlan 101
interface GigabitEthernet3/1.102
ecription link for context2
vlan 102
interface GigabitEthernet3/1.103
ecription link for context3
vlan 103

context gau
  allocate-interface GigabitEthernet3/1.101
  config-url disk0:/context1.cfg
!

context gau-office
  allocate-interface GigabitEthernet3/1.102
  config-url disk0:/context2.cfg


context wifi
  allocate-interface GigabitEthernet3/1.103
  config-url disk0:/context3.cfg
!



context 1 config:

interface GigabitEthernet3/1.101
nameif outside
security-level 0
ip address 6.6.6.1 255.255.255.248
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
SydNal2009Author Commented:
Thanks very much this is great info. I know I will have to configure those vlans on my switches as well, but As you mentioned you have to setup an IP address for the outside and inside interface. Can I also do all other firewall functions such as NAT? and I were to want want to run a routing protocol such as OSPF how would that be done?
0
 
vyaradaikinCommented:
ASA is able to do these features and even per context with new version of ASA 9.0 and higher. You can find a lot of material about configuring Cisco ASA here for example.
Also these cisco.com links will help:
Configuring OSPF:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809a417a.shtml
NAT:
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/nat_overview.html
Failover:
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/ha_failover.html
0
 
vyaradaikinCommented:
Let me know if you have trouble with configuring it.
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now