Re: [c-nsp] ASA Multiple Context Mode

Sun, 19 Jul 2009 12:34:35 -0700

I've done IOS based WebVPN with multiple VRFs (vrf-lite in this case); this is somewhat analogous to the ASA w/ multiple context; I know you mentioned how to do this on the ASA which I don't believe is possible.
Our Cisco Acct SE mentioned vlan mapping where you terminate the webvpn/ipsec tunnel on one interface but then funnel the designated traffic per customer to different downstream vlan or interfaces; essentially this allows you to have multiple customer group in one context; i've seen docs on cisco cco that mentions this as well; good luck. 


Regards,
Ge Moua | Email: [email protected]

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services



Ryan West wrote:

Clue,

I am pretty sure that it doesn't support SSL VPN's either.  All NetPro 
discussions show the same results.  Assuming you are support multiple customers 
and want to give them access to their firewall, or whatever you reason for 
choosing multiple context may be, you should use another ASA pair in 
Active/Standby to provide VPN termination services.  You may have to mess 
around with RRI, but you should be able to pull off customer segregation using 
VLANs.

-ryan

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Clue Store
Sent: Sunday, July 19, 2009 2:14 PM
To: [email protected]
Subject: [c-nsp] ASA Multiple Context Mode

Hi All,


As I understand that the ASA in multiple context mode does not support
"VPN's", does this also inclue SSL VPN's?? Someone has mentioned that it
turns off IPSEC engine in this mode, but I have not been able to find
anywhere where it says SSL VPN's are not supported. If it doesn't support
SSL VPN, what are other folks doing for VPN's in this situation where
multiple contexts are being used??

TIA,
Clue
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

  

_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/






















					Reply via email to