system context
: Saved
:
! System execution space of a multiple-context ASA (see the <system> tag below).
! NOTE(review): 8.4(3) is a long-superseded release - check the vendor's current
! security advisories before reusing this configuration on a production device.
ASA Version 8.4(3) <system>
!
hostname ciscoasa
! NOTE(review): 8Ry2YjIyt7RRXU24 is the widely documented hash of an EMPTY enable
! password, so privileged mode is effectively unprotected in this listing.
! Set a strong enable password (or AAA authentication) before deployment.
enable password 8Ry2YjIyt7RRXU24 encrypted
! Auto-generate MAC addresses for interfaces allocated to contexts, using prefix 21717.
mac-address auto prefix 21717
!
! Physical trunk: carries every customer VLAN as a dot1q subinterface.
! In the system space only the VLAN tagging is defined here; names, security
! levels and IP addresses are set inside each context.
interface GigabitEthernet0/0
description -- trunk interface
!
! VLANs 150-152: one "vrf" side subinterface per customer (A, B, C).
interface GigabitEthernet0/0.150
description -- vrf CustA
vlan 150
!
interface GigabitEthernet0/0.151
description -- vrf CustB
vlan 151
!
interface GigabitEthernet0/0.152
description -- vrf CustC
vlan 152
!
! VLANs 200-202: one "transfer" side subinterface per customer (A, B, C).
interface GigabitEthernet0/0.200
description -- transfer CustA
vlan 200
!
interface GigabitEthernet0/0.201
description -- transfer CustB
vlan 201
!
interface GigabitEthernet0/0.202
description -- transfer CustC
vlan 202
!
! Unused data ports are administratively shut down, so a stray cable cannot
! bring up an unintended path.
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface GigabitEthernet0/3
shutdown
!
interface GigabitEthernet0/4
shutdown
!
interface GigabitEthernet0/5
shutdown
!
! Management0/0 stays enabled; it is handed to the admin context further down
! (allocate-interface Management0/0). Keep it on a dedicated management network.
interface Management0/0
!
interface Management0/1
shutdown
!
interface TenGigabitEthernet0/6
shutdown
!
interface TenGigabitEthernet0/7
shutdown
!
interface TenGigabitEthernet0/8
shutdown
!
! Dedicated link to the failover peer (used by the failover commands below).
interface TenGigabitEthernet0/9
description LAN/STATE Failover Interface
!
! Default resource class. No context stanza on this page carries a "member"
! statement, so admin, CustA, CustB and CustC all fall under these limits.
class default
! 0 = unlimited for every resource type not listed separately below.
! NOTE(review): with unlimited shared resources one tenant context can starve the
! others (connections, xlates, ...); define per-customer classes with explicit
! limits if the contexts belong to different customers.
limit-resource All 0
! Concurrent management sessions allowed per context.
limit-resource ASDM 5
limit-resource SSH 5
! NOTE(review): Telnet is unencrypted; if SSH is used for management this quota
! can be reduced and Telnet access left disabled in the contexts.
limit-resource Telnet 5
!
ftp mode passive
no pager
! --- Failover pair: this unit is the primary ---
failover
failover lan unit primary
! TenGigabitEthernet0/9 is named "failover-link" and carries the failover control traffic.
failover lan interface failover-link TenGigabitEthernet0/9
! Shared secret protecting the failover communication between the two units.
! NOTE(review): the key is printed here in clear text. Treat this value as public:
! never reuse it, generate your own key, and keep it out of published configs.
failover key fOObARbatz
! Also replicate HTTP connection state to the standby unit.
failover replication http
! The same interface is used as the stateful (state replication) link.
failover link failover-link TenGigabitEthernet0/9
! /30 point-to-point addressing: .1 on the active unit, .2 on the standby unit.
failover interface ip failover-link 192.168.8.1 255.255.255.252 standby 192.168.8.2
no asdm history enable
arp timeout 14400
! NOTE(review): 0 disables the console idle timeout; a console session that is
! left logged in stays open. Consider a finite timeout where the console port
! is physically reachable by others.
console timeout 0
!
tls-proxy maximum-session 1000
!
! --- Security contexts ---
! "admin" is the administrative context. Per its own description, users of this
! context can switch into the other contexts, so its credentials and the network
! behind Management0/0 deserve the strictest protection.
admin-context admin
context admin
description -- administration context (user from this context can switch into other contexts)
allocate-interface Management0/0
config-url disk0:/admin.cfg
!
! One context per customer. Each gets exactly two subinterfaces of the trunk
! (its "vrf" VLAN and its "transfer" VLAN); no subinterface is allocated to more
! than one context, so the customers do not share a segment on this firewall.
! Each context keeps its own configuration file on disk0.
context CustA
description -- virtuell FW Customer A
allocate-interface GigabitEthernet0/0.150
allocate-interface GigabitEthernet0/0.200
config-url disk0:/custa.cfg
!
context CustB
description -- virtuell FW Customer B
allocate-interface GigabitEthernet0/0.151
allocate-interface GigabitEthernet0/0.201
config-url disk0:/custb.cfg
!
context CustC
description -- virtuell FW Customer C
allocate-interface GigabitEthernet0/0.152
allocate-interface GigabitEthernet0/0.202
config-url disk0:/custc.cfg
!
! CLI prompt shows the hostname and the current context name, which helps to
! avoid typing commands into the wrong context.
prompt hostname context
! Anonymous call-home reporting to the vendor is switched off.
no call-home reporting anonymous
! Checksum line written by the device when the configuration was saved; it
! refers to the saved original, not to an edited or commented copy.
Cryptochecksum:3bc61695eb10f8531ca567e93143051a
: end
customer context
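! Context configuration for customer A (stored as disk0:/custa.cfg per the
! system configuration).
hostname CustA
!
! Customer side: VLAN 150, highest trust level. /29 network, .4 on the active
! unit and .5 on the standby unit of the failover pair.
interface GigabitEthernet0/0.150
nameif inside
security-level 100
ip address 10.135.150.4 255.255.255.248 standby 10.135.150.5
!
! Transfer side: VLAN 200, lowest trust level (security-level 0).
interface GigabitEthernet0/0.200
nameif transfer
security-level 0
ip address 10.135.200.4 255.255.255.248 standby 10.135.200.5
!
! Inbound policy on "transfer": port 23 (udp and tcp/telnet) is dropped,
! everything else is permitted.
! NOTE(review): "permit ip any any" on the security-level 0 interface lets all
! other traffic from the transfer network reach the inside network. This is a
! connectivity baseline, not a filtering policy - replace it with explicit
! permits for the required services before production use.
access-list transfer_acl extended deny udp any any eq 23
access-list transfer_acl extended deny tcp any any eq telnet
access-list transfer_acl extended permit ip any any
! Never matched: ICMP is already covered by the "permit ip any any" entry above.
access-list transfer_acl extended permit icmp any any
! Inbound policy on "inside": the telnet deny is marked "inactive", so it is
! not enforced; effectively all IP traffic is permitted.
access-list inside_acl extended deny tcp any any eq telnet inactive
access-list inside_acl extended permit ip any any
access-list inside_acl extended permit icmp any any
access-group inside_acl in interface inside
access-group transfer_acl in interface transfer
! Default route via the transfer network.
route transfer 0.0.0.0 0.0.0.0 10.135.200.3 1
! Customer network 10.135.100.0/24 is reached via 10.135.150.3 on "inside".
! The interface name must be a nameif defined in this context; the listing had
! "insidelink" here, which is not defined (the other contexts use "inside").
route inside 10.135.100.0 255.255.255.0 10.135.150.3 1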
Customer B
! Context configuration for customer B (stored as disk0:/custb.cfg per the
! system configuration).
hostname CustB
!
! Customer side: VLAN 151, highest trust level. /29 network, .4 on the active
! unit and .5 on the standby unit of the failover pair.
interface GigabitEthernet0/0.151
nameif inside
security-level 100
ip address 10.135.151.4 255.255.255.248 standby 10.135.151.5
!
! Transfer side: VLAN 201, lowest trust level (security-level 0).
interface GigabitEthernet0/0.201
nameif transfer
security-level 0
ip address 10.135.201.4 255.255.255.248 standby 10.135.201.5
!
! NOTE(review): both telnet deny entries are marked "inactive" and therefore not
! enforced. What remains is "permit ip any any" in both directions, including
! inbound on the security-level 0 interface: this context forwards all IP
! traffic unfiltered. Use it as a connectivity baseline only and replace the
! permit-any entries with explicit rules before production use.
access-list transfer_acl extended deny tcp any any eq telnet inactive
access-list transfer_acl extended permit ip any any
! Never matched: ICMP is already covered by the "permit ip any any" entry above.
access-list transfer_acl extended permit icmp any any
access-list inside_acl extended deny tcp any any eq telnet inactive
access-list inside_acl extended permit ip any any
access-list inside_acl extended permit icmp any any
access-group inside_acl in interface inside
access-group transfer_acl in interface transfer
! Default route via the transfer network; customer network 10.135.101.0/24 is
! reached via 10.135.151.3 on the inside interface.
route transfer 0.0.0.0 0.0.0.0 10.135.201.3 1
route inside 10.135.101.0 255.255.255.0 10.135.151.3 1
Customer C
! Context configuration for customer C (stored as disk0:/custc.cfg per the
! system configuration).
hostname CustC
!
! Customer side: VLAN 152, highest trust level. /29 network, .4 on the active
! unit and .5 on the standby unit of the failover pair.
interface GigabitEthernet0/0.152
nameif inside
security-level 100
ip address 10.135.152.4 255.255.255.248 standby 10.135.152.5
!
! Transfer side: VLAN 202, lowest trust level (security-level 0).
interface GigabitEthernet0/0.202
nameif transfer
security-level 0
ip address 10.135.202.4 255.255.255.248 standby 10.135.202.5
!
! NOTE(review): both telnet deny entries are marked "inactive" and therefore not
! enforced. What remains is "permit ip any any" in both directions, including
! inbound on the security-level 0 interface: this context forwards all IP
! traffic unfiltered. Use it as a connectivity baseline only and replace the
! permit-any entries with explicit rules before production use.
access-list transfer_acl extended deny tcp any any eq telnet inactive
access-list transfer_acl extended permit ip any any
! Never matched: ICMP is already covered by the "permit ip any any" entry above.
access-list transfer_acl extended permit icmp any any
access-list inside_acl extended deny tcp any any eq telnet inactive
access-list inside_acl extended permit ip any any
access-list inside_acl extended permit icmp any any
access-group inside_acl in interface inside
access-group transfer_acl in interface transfer
! Default route via the transfer network; customer network 10.135.102.0/24 is
! reached via 10.135.152.3 on the inside interface.
route transfer 0.0.0.0 0.0.0.0 10.135.202.3 1
route inside 10.135.102.0 255.255.255.0 10.135.152.3 1