ASA5510 with multiple context mode: does it support remote access VPN?

Hi,

I have 2x ASA5510 with Security Plus licence. I have configured 3 contexts and Active/Active Failover. Everything works fine. But I also want to use remote access VPN and couldn't find anything for VPN. Does it support VPN in multiple mode? Could you offer something?

Accepted Solutions

Jennifer Halim
Cisco Employee

No, VPN is not supported in multi context mode.

Here is the documentation for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/mode_contexts.html#wp1188973

I've heard that L2L VPN might become possible for multiple context mode ASAs in the future.

But VPN Client either isn't coming at all or is coming much later.

It's a shame that this possibility doesn't exist on the ASAs running multiple firewalls. It basically means you need totally different equipment for VPN capabilities. And even then it means you have no way of virtualizing routing, which again means you can't have overlapping networks on your ASA that you have dedicated only for VPN purposes.

This is especially bad when you're trying to move away from IOS VPN setups with old 6500 modules where you could use VRFs for each VPN connection, which totally eliminated the problem of overlapping networks. Configuring those VPNs to a single ASA becomes harder if you happen to have overlapping networks (VPN pools, customer networks, L2L VPN remote networks).

- Jouni

When should you not use multiple security contexts?

  • If you need to provide VPN services such as remote access or site-to-site VPN tunnels.
  • If you need to use dynamic routing protocols. With multiple context mode, you can use only static routes.
  • If you need to use QoS.
  • If you need to support multicast routing.
  • If you need to provide Threat Detection.

John Gracey
Level 1

For future reference:

Multi-context and dynamic routing are supported on v9 of ASA code and above (with the exception of the ASA 5505 and the Cisco Catalyst 6500 Series ASA Services Module).

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps12726/data_sheet_c78-714849.html
