VPN termination and vlan-mapping all on the ASA.
Regards,
Ge Moua | Email: [email protected]
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
Ryan West wrote:
Think I misread what you originally wrote, were you still implying another
device for the VPN termination?
-----Original Message-----
From: Ge Moua [mailto:[email protected]]
Sent: Sunday, July 19, 2009 3:27 PM
To: Ryan West
Cc: Clue Store; [email protected]
Subject: Re: [c-nsp] ASA Multiple Context Mode
I've done IOS based WebVPN with multiple VRFs (vrf-lite in this case);
this is somewhat analogous to the ASA w/ multiple context; I know you
mentioned how to do this on the ASA which I don't believe is possible.
Our Cisco Acct SE mentioned vlan mapping where you terminate the
webvpn/ipsec tunnel on one interface but then funnel the designated
traffic per customer to different downstream vlan or interfaces;
essentially this allows you to have multiple customer group in one
context; i've seen docs on cisco cco that mentions this as well; good luck.
Regards,
Ge Moua | Email: [email protected]
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
Ryan West wrote:
Clue,
I am pretty sure that it doesn't support SSL VPN's either. All NetPro
discussions show the same results. Assuming you are support multiple customers
and want to give them access to their firewall, or whatever you reason for
choosing multiple context may be, you should use another ASA pair in
Active/Standby to provide VPN termination services. You may have to mess
around with RRI, but you should be able to pull off customer segregation using
VLANs.
-ryan
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Clue Store
Sent: Sunday, July 19, 2009 2:14 PM
To: [email protected]
Subject: [c-nsp] ASA Multiple Context Mode
Hi All,
As I understand that the ASA in multiple context mode does not support
"VPN's", does this also inclue SSL VPN's?? Someone has mentioned that it
turns off IPSEC engine in this mode, but I have not been able to find
anywhere where it says SSL VPN's are not supported. If it doesn't support
SSL VPN, what are other folks doing for VPN's in this situation where
multiple contexts are being used??
TIA,
Clue
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
