marvin,

thanks for the link!

have you personally tried this out?

any caveat that i should be aware of?

i encountered a small trouble when i first ran IPsec VPN on ASA context using 9.x image where i just added the limit-resource vpn under the 'admin' context and then it worked afterwards.

You're welcome.

I've done it the lab and production. Almost every ASA that's worth doing multiple context will also use HA.

The only caveat that ever bit me was lack of multicast support between contexts. That got me when we were trying to do OSFP routing among different contexts.

Remote access VPN had not traditionally been supported but that changed as of 9.5(2).

I'm actually setting up my first production multiple context HA pair with remote access VPN on a current project. If you're running multiple context with remote access VPN, there are a few caveats. No clientless, no web launch etc. Those are spelled out n the 9.5 and later configuration guides.

thanks for sharing your invaluable insights!

just curious, do you create a document here in cisco or host a blog with your experiences?

johnlloyd_13  

I've done a small handful of document postings here in the network management forum. No formal blogs per se.

Between doing this sort of work full time, posting here and studying for my CCIE Security my bandwidth is about maxed out. :)

marvin,

good luck on your CCIE Sec!

i might go on the same route soon. need to do my CCIE R/S first :)

appreciate your time and input in CSC security forum.

makes our lives (and job) easier :)