Re: Adding Zones inside Security Context

From: Shahid Ansari <shahid1357_at_gmail.com>
Date: Wed, 17 Jun 2009 11:29:16 +0300

Two security contexts for customers on one firewall means TWO virtual
firewalls on one physical box.
So every customer context has its own configuration, interfaces, security
policies (ACLs), etc.
That means every customer context acts as a virtual firewall with its own
configuration that contains almost all the options that are available in a
standalone firewall.
In Active/Active failover, both units can pass network traffic, which works
only in multiple context mode, for load balancing.
On Firewall 1 - CustA (Active), CustB (Standby) ---- Firewall 2 -
CustA (Standby), CustB (Active)
Please correct me if I am missing something.

Thanks
Shahid Ansari

On Wed, Jun 17, 2009 at 10:33 AM, Muhammad Nasim
<muhammad.nasim_at_gmail.com> wrote:

> Also you can have different zones (security levels in Cisco ASA language)
> INSIDE EACH SECURITY CONTEXT as well
>
> 2009/6/17 Muhammad Nasim <muhammad.nasim_at_gmail.com>
>
> > Also you can have different zones (security levels in Cisco ASA language)
> > as well
> >
> >
> >
> > 2009/6/17 Muhammad Nasim <muhammad.nasim_at_gmail.com>
> >
> >> Access-lists have nothing to do with security context creation and
> >> deletion.
> >>
> >> You can have two security contexts in both firewalls for Active-Active
> >> fine.
> >>
> >> And inside one security context you can have access-lists (or security
> >> policies).
> >> HTH
> >>
> >>
> >> 2009/6/17 Ashwin Iyer <ash.iyer_at_gmail.com>
> >>
> >>> Hi Experts
> >>> I have a question regarding configuring a Cisco ASA firewall. The customer
> >>> has a PIX firewall and now he is moving to a Cisco ASA 5520 with AIP SSM-20.
> >>> Now inside the PIX you have many zones or segments created. I won't call
> >>> them zones, but traffic classifications. Like *www, XTR*, all different
> >>> access-lists. Now the customer wants multiple contexts between the two ASAs.
> >>> As I understand, by default you can *have two cust and one admin context.*
> >>>
> >>> So is it as simple as adding *all the different access-lists into ASA on
> >>> both the ASAs* and doing active-active configs?
> >>> Kindly help me out here
> >>>
> >>> cheers
> >>> Ashwin
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >>>
> >>
> >>
> >> --
> >> Muhammad Nasim
> >> Network Engineer
> >> Saudi Arabia
> >>
> >
> >
> >
> > --
> > Muhammad Nasim
> > Network Engineer
> > Saudi Arabia
> >
>
>
>
> --
> Muhammad Nasim
> Network Engineer
> Saudi Arabia
>
>

Received on Wed Jun 17 2009 - 11:29:16 ART
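
The layout discussed in this thread, written out as an ASA configuration sketch: two customer contexts split across two failover groups for Active/Active, with zones (security levels) and an access-list defined inside one context. This is an added example and not a configuration posted by anyone in the thread; only the context names CustA/CustB and the "www" zone name come from the messages above, while interface numbers, VLAN IDs, file names and addresses are assumptions.

```cisco
! Constructed example: interfaces, VLANs, file names and IPs are assumptions.
! --- System execution space, primary unit ---
mode multiple
interface GigabitEthernet0/0.10
 vlan 10
interface GigabitEthernet0/1.11
 vlan 11
interface GigabitEthernet0/1.12
 vlan 12
interface GigabitEthernet0/0.20
 vlan 20
interface GigabitEthernet0/1.21
 vlan 21
failover lan unit primary
failover lan interface folink GigabitEthernet0/3
failover interface ip folink 192.0.2.1 255.255.255.252 standby 192.0.2.2
failover group 1
 primary
 preempt
failover group 2
 secondary
 preempt
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
context CustA
 allocate-interface GigabitEthernet0/0.10
 allocate-interface GigabitEthernet0/1.11-GigabitEthernet0/1.12
 config-url disk0:/CustA.cfg
 join-failover-group 1
context CustB
 allocate-interface GigabitEthernet0/0.20
 allocate-interface GigabitEthernet0/1.21
 config-url disk0:/CustB.cfg
 join-failover-group 2
failover
! --- Inside context CustA (after "changeto context CustA") ---
interface GigabitEthernet0/0.10
 nameif outside
 security-level 0
interface GigabitEthernet0/1.11
 nameif inside
 security-level 100
interface GigabitEthernet0/1.12
 nameif www
 security-level 50
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
```

The access-list and security levels live in CustA's own configuration file, so CustB's policy is written separately inside CustB and neither context sees the other's rules.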

This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:37 ART