Solved: Marvin,

mikgruff3 · ‎02-11-2016

All,

I need to know if the ASA5545X supports Anyconnect and Eigrp when running in Multi-Context mode? Can someone please help?

thanks

-mikgruff

Marvin Rhoads · ‎02-11-2016

SSL VPN support in multiple context mode was added last Fall in 9.5(2) - but only for client-based (not clientless).

See http://www.cisco.com/c/en/us/td/docs/security/asa/asa95/release/notes/asarn95.html

In there we can see:

Remote Access Features

Support for Remote Access VPN in multiple context mode

You can now use the following remote access features in multiple context mode:

AnyConnect 3.x and later (SSL VPN only; no IKEv2 support)
Centralized AnyConnect image configuration
AnyConnect image upgrade
Context Resource Management for AnyConnect connections

Note: The AnyConnect Apex license is required for multiple context mode; you cannot use the default or legacy license.

We introduced the following commands: limit-resource vpn anyconnect, limit-resource vpn burst anyconnect

We modified the following screen: Configuration > Context Management > Resource Class > Add Resource Class

View solution in original post

Marvin Rhoads · ‎02-16-2016

Yes, site-site is an IPSec VPN and is thus supported per the configuration guide:

Guidelines for IPsec VPNs

Context Mode Guidelines

Supported in single or multiple context mode. Anyconnect Apex license is required for remote-access VPN in multi-context mode.

View solution in original post

Philip D'Ath · ‎02-11-2016

9.x added EIGRP support.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/release/notes/asarn90.html

Dynamic routing in Security Contexts

EIGRP and OSPFv2 dynamic routing protocols are now supported in multiple context mode. OSPFv3, RIP, and multicast routing are not supported.

I don't think AnyConnect works ... but I could be wrong.

Marvin Rhoads · ‎02-11-2016

SSL VPN support in multiple context mode was added last Fall in 9.5(2) - but only for client-based (not clientless).

See http://www.cisco.com/c/en/us/td/docs/security/asa/asa95/release/notes/asarn95.html

In there we can see:

Remote Access Features

Support for Remote Access VPN in multiple context mode

You can now use the following remote access features in multiple context mode:

AnyConnect 3.x and later (SSL VPN only; no IKEv2 support)
Centralized AnyConnect image configuration
AnyConnect image upgrade
Context Resource Management for AnyConnect connections

Note: The AnyConnect Apex license is required for multiple context mode; you cannot use the default or legacy license.

We introduced the following commands: limit-resource vpn anyconnect, limit-resource vpn burst anyconnect

We modified the following screen: Configuration > Context Management > Resource Class > Add Resource Class

mikgruff3 · ‎02-16-2016

Marvin,

Thanks for the follow up I really appreciate it. One last question? Is Site to Site VPN supported in multi-context mode?

Marvin Rhoads · ‎02-16-2016

Yes, site-site is an IPSec VPN and is thus supported per the configuration guide:

Guidelines for IPsec VPNs

Context Mode Guidelines

Supported in single or multiple context mode. Anyconnect Apex license is required for remote-access VPN in multi-context mode.

mikgruff3 · ‎02-16-2016

Thank you.

ASA5500X Contexts/Anyconnect/EIGRP

Guidelines for IPsec VPNs

Context Mode Guidelines

Guidelines for IPsec VPNs

Context Mode Guidelines