dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed


2 edits
reply to mbruno

Re: [Config] Cisco ASA 5505

Ideally I would suggest to use Multiple Context where one Context is dedicated to each network (in this case, one Context is dedicated to Lab 1, 2, 3 accordingly). This way, each network has its own routing table and never share the same routing table. In other words, having Multiple Context in place is like having multiple virtual firewalls of one physical firewall.

Note that once you have an ASA to run Multiple Context, the firewall loses some features including static NAT/PAT. Since you wish to have such static NAT/PAT in place, then the use of Multiple Context will be incomplete without an additional box to just do the static NAT/PAT. If you have let's say two ASA firewalls, you can dedicate one to do Multiple Context and another one to do the static NAT/PAT.

When you only have one ASA firewall, then another solution is to set each network to be on different Security Level or different Security Zones. With this solution, you don't lose any firewall features so you can still do static NAT/PAT on the same ASA firewall however all networks share the same routing table though you still maintain some security.

In general, an ASA should be able to handle either solution however you may want to make sure that the ASA in question has proper license in order to support what you need to accomplish.

For the last question to regulate outbound or inbound traffic to whether response to certain protocols or have access to certain outside resources, this is a job for ACL (access-list and access-group commands to be exact). Simply create appropriate source and destination IP addresses, protocol, and TCP/UDP port numbers and apply to appropriate interface, then you should be good to go.