SECURITY APPLIANCES
(ASA)
Introduction
- Supported Features:
  - Only static routing
  - Firewall features
  - IPS
  - Management
- Unsupported Features (for ASA versions before 9):
  - VPN termination
  - Dynamic Routing Protocol
  - QoS
- New features introduced in ASA 9:
  - Site-to-Site VPN in multiple context mode
  - New resource type for site-to-site VPN tunnels
  - Dynamic routing in Security Contexts
  - New resource type for routing table entries
  - Mixed firewall mode support in multiple context mode
CONTEXT TYPES
Context Types
- System Context
- Admin Context
- Normal Context
System Context
Admin Context
- The admin context is like any other context, except that a user who logs in to the admin context has system administrator rights and can access the system and all other contexts.
- If you convert from single mode to multiple context mode, the admin context is created automatically and its configuration file is created in flash memory.
- This context can be combined with any regular user context or be dedicated.
Normal Context
Configuration
Configuration Steps
Configuration Notes
- You may use non-overlapping subnets or simply different IPs on the same subnet.
- By default, both contexts will inherit the same MAC address from the shared physical interface. This might result in the firewall not being able to classify the incoming traffic properly.
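A configuration for the shared-interface case in the notes above, added here as an example and not taken from the original slides. It assumes the appliance is already in multiple context mode with its admin context in place; ContextB, the interface numbers, file names and addresses are all assumptions chosen for illustration.

```cisco
! Added example. ContextB, interface numbers, file names and addresses are
! assumptions, not values from the slides.

! --- System execution space ---
! Generate a distinct MAC address per context on every shared interface, so
! that traffic arriving on GigabitEthernet0/0 can be classified by
! destination MAC instead of both contexts answering with the burned-in MAC.
mac-address auto
!
interface GigabitEthernet0/0
 no shutdown
interface GigabitEthernet0/1
 no shutdown
interface GigabitEthernet0/2
 no shutdown
!
! GigabitEthernet0/0 is allocated to both contexts (the shared interface).
context ContextA
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1
 config-url disk0:/ContextA.cfg
!
context ContextB
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/2
 config-url disk0:/ContextB.cfg

! --- Inside ContextA (entered with: changeto context ContextA) ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0

! --- Inside ContextB (entered with: changeto context ContextB) ---
! Different IP on the same outside subnet, as the first note allows.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.2.2.1 255.255.255.0
```

Running `show interface GigabitEthernet0/0` from inside each context should then report a different MAC address for the shared interface.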
Configuration
In order to enable multiple mode, enter this command:
hostname(config)# mode multiple
You are prompted to reboot the security appliance.
CiscoASA(config)# mode multiple
WARNING: This command will change the behavior of the device
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm]
Convert the system configuration? [confirm]
!
The old running configuration file will be written to flash
The admin context configuration will be written to flash
The new running configuration file was written to flash
Security context mode: multiple
***
*** --- SHUTDOWN NOW ---
***
*** Message to all terminals:
***
*** change mode
Rebooting....
Configuration
- You can’t rename a context; you have to delete it and then create a new one with the new name.
- Delete a Context:
no context ContextA
Example Scenario
FIREWALL CONTEXTS ROUTING
Firewall Context Routing
- Context Cascading
  - Recall that physical interfaces could be shared between the contexts.
  - In some scenarios, you may even configure the same physical interface as the inside for one context and outside for another. This is called context cascading. *Look at the figure below:
FIREWALL CONTEXTS CLASSIFICATION
Firewall Contexts Classification
Resource Management