We use ASA's in context mode plus some sort of IOS box (28xx, 38xx) with VRF for both Client VPN and LAN-to-LAN VPN. Works decently...
GG On Tue, Sep 29, 2009 at 11:34 PM, christian <christ...@automatick.net> wrote: > netscreen management (cli/NSM) is one of the worst i've ever encountered > > as far as the topic at hand - i agree w/ Justin's comments - what i've > done in past is FWSM's in the chassis and a pair of asa's for vpn > termination > > On Tue, Sep 29, 2009 at 8:23 PM, Dave Weis <djw...@internetsolver.com> wrote: >> >> On Wed, 30 Sep 2009, David Hughes wrote: >>> >>> On 30/09/2009, at 7:08 AM, Dave Weis wrote: >>>> >>>> On Tue, 29 Sep 2009, Christopher Hunt wrote: >>>>> >>>>> As I painfully discovered, the Cisco ASA in Multiple Context mode does >>>>> not support IPSEC VPN clients nor L2TP3 tunnels >>>> >>>> That's a pretty big omission! Any ETA to add that capability? >>> >>> Yeah, they've never supported VPN in multi-context mode. Major pain. And >>> if you are a dense hosting provider the 50 context limit (and limited >>> performance) of a 5540 for example doesn't work too well. These issues made >>> us look around again and J-Vendor's boxes are making the ASA's look a bit >>> ordinary. >> >> I never enjoyed working on the netscreens. I suppose if each virtual >> firewall customer could get the same awkward web interface for self >> provisioning it could be made to work. >> >> -- >> Dave Weis >> djw...@internetsolver.com >> http://www.internetsolver.com/ >> >> _______________________________________________ >> cisco-nsp mailing list cisco-...@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ >> > _______________________________________________ > cisco-nsp mailing list cisco-...@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/