Sample Configurations
This appendix illustrates and describes a number of common ways to implement the security appliance,
and includes the following topics:
• Example 1: Multiple Mode Firewall With Outside Access
• Example 2: Single Mode Firewall Using Same Security Level
• Example 3: Shared Resources for Multiple Contexts
• Example 4: Multiple Mode, Transparent Firewall with Outside Access
• Example 5: WebVPN Configuration
• Example 6: IPv6 Configuration
• Example 7: Cable-Based Active/Standby Failover (Routed Mode)
• Example 8: LAN-Based Active/Standby Failover (Routed Mode)
• Example 9: LAN-Based Active/Active Failover (Routed Mode)
• Example 10: Cable-Based Active/Standby Failover (Transparent Mode)
• Example 11: LAN-Based Active/Standby Failover (Transparent Mode)
• Example 12: LAN-Based Active/Active Failover (Transparent Mode)
• Example 14: Dual ISP Support Using Static Route Tracking
• Example 14: ASA 5505 Base License
• Example 15: ASA 5505 Security Plus License with Failover and Dual-ISP Backup
Example 1: Multiple Mode Firewall With Outside Access
This configuration creates three security contexts plus the admin context, each with an inside and an
outside interface. The Customer C context includes a DMZ interface where a Websense server for HTTP
filtering resides on the service provider premises (see Figure B-1).
Inside hosts can access the Internet through the outside using dynamic NAT or PAT, but no outside hosts
can access the inside.
The Customer A context has a second network behind an inside router.
The admin context allows SSH sessions to the security appliance from one host.
Although inside IP addresses can be the same across contexts when the interfaces are unique, keeping
them unique is easier to manage.
Cisco Security Appliance Command Line Configuration Guide, Appendix B, OL-10088-01