Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
1
Replies

ASA Context config for S2S VPN

johnlloyd_13
Level 9
Level 9

‎04-13-2018 05:40 PM - edited ‎02-21-2020 07:38 AM

hi,

it's been a while since i configured a new ASA with security contexts running.

just a clarification on the 20-security context license i applied.

is it good practice to use the max security license count under the VPN class using the command: limit-resource VPN Other 20?

do i also configure each context to be a member of VPN class so they can configure S2S IPsec VPN in their own context or will it be a good idea or good practice just to create a dedicated context for customer VPNs?

i also see others configure a number or percent for IKEv1 in-negotiation. what is this for and what's a good value to input?

 

/pri/act(config-class)# limit-resource VPN ikev1 in-negotiation ?

class mode commands/options:
  WORD  Value of resource limit (in <value> or <value>%)

 

---

 

<SYSTEM>

class VPN
 limit-resource VPN Other 20

context <CONTEXT-A>
 member VPN
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1.x

 

context <CONTEXT-B>
 member VPN
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1.x

 

Labels:
0 Helpful
1 Reply 1

Florin Barhala
Level 6
Level 6

‎04-16-2018 04:17 AM

I am also interested in any feedback about this thread.
I just enabled VPN for one context I was required to. My take was to edit the default class and give each context same values.
What I am not sure: what happens if I don't mention anything on the default class in regard to IKEv1 in-negotiation and VPN Burst.

Thanks!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card