Some features, such as VPN and dynamic routing protocols, are not supported in
multiple context mode. In addition, interfaces can be shared between contexts, but this is supported in routed mode
only. For example, the outside interface can be shared to conserve interfaces, or Inside and demilitarized zone
(DMZ) interfaces can be used to share resources between contexts.
There are a number of ways to set up a Security Appliance in multiple mode. The following sections illustrate
two common implementations, including one that shares an interface between the contexts.
Multiple Contexts—Routed Mode (with Shared Resources)
Figure 6-6 shows an admin context plus two multiple contexts for multiple departments within an organization,
each with three segments: an Inside, an Outside, and a shared segment. Each department has its own security
context (virtual firewall) so that it can have its own security policy (NAT, access list, routing, and so on). Several
servers are shared across both departments. Hence these servers are placed on a shared network using the
shared interface concept.
Figure 6-6. Multiple Contexts—Routed Mode (with Shared Resources)
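A configuration sketch for the Figure 6-6 layout, added here as an illustration and not taken from the book: the context names, interface numbers, config-url filenames, and addresses are assumptions. It goes slightly beyond the text by enabling `mac-address auto`, which gives each context its own MAC address on the shared interface so that the classifier can tell the contexts apart.

```cisco
! Constructed example: names, interface numbers and addresses are assumptions.
! --- System execution space ---
! "mode multiple" converts the appliance to multiple context mode (reload required).
mode multiple
! Give each context a unique MAC address on shared interfaces so that
! inbound packets can be classified to the right context.
mac-address auto
! Physical interfaces are enabled here (no shutdown) before being allocated.
!
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
!
context dept-a
 description Department A virtual firewall
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1
 ! Shared server segment, also allocated to dept-b
 allocate-interface GigabitEthernet0/4
 config-url disk0:/dept-a.cfg
!
context dept-b
 description Department B virtual firewall
 allocate-interface GigabitEthernet0/2
 allocate-interface GigabitEthernet0/3
 ! Same physical interface as in dept-a: this is the shared interface
 allocate-interface GigabitEthernet0/4
 config-url disk0:/dept-b.cfg
!
! --- Inside context dept-a (after "changeto context dept-a") ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/4
 nameif shared
 security-level 50
 ip address 192.0.2.1 255.255.255.0
! dept-b configures the same shared interface with its own address
! on the same subnet, for example 192.0.2.2.
```

NAT, access lists, and routes are then configured separately inside each context, so each department keeps its own policy toward the shared servers.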
Multiple Contexts—Transparent Mode
Figure 6-7 shows an admin context plus three multiple contexts for multiple customers in transparent mode.