Firewall Configuration

Posted on 2013-12-19
Medium Priority
Last Modified: 2013-12-22
I am supposed to setup a Cisco ASA firewall to receive traffic from 3 separate network on the outside interface and those networks need to go through in three separate instance. I believe it has a name, I don't know it. I'm looking for help to configure this. Any detailed step-by-step or any previous help of it has been done would be appreciated.
Question by:SydNal2009
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2

Assisted Solution

vyaradaikin earned 2000 total points
ID: 39729752
Greetings. ASA has a virtualization capability called context. It has a system context, where you configure features like subinterfaces, port-channels, failover and context definition and so. Also it has administration context tha is used for administration and management purposes.
First, you need to understand what goals you need to achieve before start to configure.
Can you draw a scheme for the beginning?

Author Comment

ID: 39729895
The idea is to create a context for each one of the 3 networks to operate as if each one is on a separate firewall, e.g. being separate. I'm glad you mentioned failover, that was going to be my next research point as well as how to back up the configuration of the firewall in such an environment.

Assisted Solution

vyaradaikin earned 2000 total points
ID: 39731105
You need not only one network in the context. It must be at least two networks, one for input and one for output.
That's for beginning:

system context config:

interface GigabitEthernet3/1.101
decription link for context1
 vlan 101
interface GigabitEthernet3/1.102
ecription link for context2
vlan 102
interface GigabitEthernet3/1.103
ecription link for context3
vlan 103

context gau
  allocate-interface GigabitEthernet3/1.101
  config-url disk0:/context1.cfg

context gau-office
  allocate-interface GigabitEthernet3/1.102
  config-url disk0:/context2.cfg

context wifi
  allocate-interface GigabitEthernet3/1.103
  config-url disk0:/context3.cfg

context 1 config:

interface GigabitEthernet3/1.101
nameif outside
security-level 0
ip address
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!


Author Comment

ID: 39731816
Thanks very much this is great info. I know I will have to configure those vlans on my switches as well, but As you mentioned you have to setup an IP address for the outside and inside interface. Can I also do all other firewall functions such as NAT? and I were to want want to run a routing protocol such as OSPF how would that be done?

Accepted Solution

vyaradaikin earned 2000 total points
ID: 39732543
ASA is able to do these features and even per context with new version of ASA 9.0 and higher. You can find a lot of material about configuring Cisco ASA here for example.
Also these cisco.com links will help:
Configuring OSPF:

Expert Comment

ID: 39732546
Let me know if you have trouble with configuring it.

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question