Active/Active limitations - ASA Multi-context

m.s.rees1
Level 1

Hi,

I have read a few times recently about the limitations when setting up firewalls in Active/Active but they are always older posts. Can anyone confirm the current limitations with Active/Active or even Active/Standby?

We have a multi-context firewall that will be running VPNs and that was one of the limitations that has been mentioned in older posts. Just wondering if this is still the case and anything to look out for.

Thanks.

balaji.bandi
Hall of Fame

Depends on the model and code running; always mentioned in the configuration guide, that is official:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/configuration/general/asa-914-general-config/ha-contexts.html?bookSearch=true#id_59703

 

BB


@m.s.rees1 the old guides are still pretty relevant tbh, as not much has changed in regard to functionality and support for multi-context. VPNs are supported on A/A: https://www.cisco.com/c/en/us/td/docs/security/asa/asa922/configuration/general/asa-922-general-config/ha-contexts.html#id_59703 VTIs are still unsupported, however.

 

m.s.rees1
Level 1

@Rob Ingram @balaji.bandi 

Thanks for the replies. What I don't understand is that in this document it mentions the following:

msrees1_0-1730208447747.png



In the list it states that (for example) IKEv1 is not supported in multiple-context mode; however, without realising this was a limitation, I have set one up, tested it, and it seemed to work fine. So is the limitation around the failover side of multi-contexts?


Thanks.

@m.s.rees1 that's for Remote Access VPN, which doesn't use IKEv1 anyway (only SSL/TLS or IKEv2).

RobIngram_1-1730208936198.png

 

 
