Thursday, September 24, 2020

Firepower 2140 ASA & Multi Context - Any Issues?

We bought two FP2140s over a year ago. Found out how much of a dumpster fire FP is (thank you r/networking!) and decided to implement PAN instead.

I am now reconfiguring these two boxes with ASA only. They will be our VPN endpoint and may replace our perimeter 5516-X in the future. We also have a small FW that serves as an endpoint for vendor IPSEC connections that I might integrate into this.

Has anyone had issues with FP2140s running ASA in multi-context mode? Especially with VPN? I remember VPN wasn't supported in multi-context in the past. Anything else they don't support?

I'm also trying to decide if it's even worth it to run separate contexts for perimeter FW, AnyConnect VPN endpoint and IPSEC VPN endpoints. Or is it better to simply run all these functions on a single context with different interfaces (the 2140 isn't lacking on interfaces)?

Multiple contexts can get complicated and be a management hassle. I don't know if separating these duties into different contexts will provide any extra security.

Who combines their perimeter & VPN into a single firewall cluster?

I'm also going to ask Cisco about this. It's good to have some real-world experiences to keep them honest.


