ASA Context config for S2S VPN

johnlloyd_13 — Fri, 21 Feb 2020 15:38:00 GMT

hi,

it's been a while since i configured a new ASA with security contexts running.

just a clarification on the 20-security context license i applied.

is it good practice to use the max security license count under the VPN class using the command: limit-resource VPN Other 20?

do i also configure each context to be a member of VPN class so they can configure S2S IPsec VPN in their own context or will it be a good idea or good practice just to create a dedicated context for customer VPNs?

i also see others configure a number or percent for IKEv1 in-negotiation. what is this for and what's a good value to input?

/pri/act(config-class)# limit-resource VPN ikev1 in-negotiation ?

class mode commands/options:
WORD Value of resource limit (in <value> or <value>%)

---

<SYSTEM>

class VPN
limit-resource VPN Other 20

context <CONTEXT-A>
member VPN
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/1.x

context <CONTEXT-B>
member VPN
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/1.x

Re: ASA Context config for S2S VPN

Florin Barhala — Mon, 16 Apr 2018 11:17:14 GMT

I am also interested in any feedback about this thread.
I just enabled VPN for one context I was required to. My take was to edit the default class and give each context same values.
What I am not sure: what happens if I don't mention anything on the default class in regard to IKEv1 in-negotiation and VPN Burst.

Thanks!

topic ASA Context config for S2S VPN in Network Security

ASA Context config for S2S VPN

Re: ASA Context config for S2S VPN