[c-nsp] ASA doesn't like ipsec...

jason.plank at comcast.net jason.plank at comcast.net
Thu Sep 25 13:25:06 EDT 2008


Unsupported Features

Multiple context mode does not support the following features:

• Dynamic routing protocols

Security contexts support only static routes. You cannot enable OSPF or RIP in multiple context mode.

• VPN

• Multicast

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/contexts.html

--
Regards,

Jason Plank
CCIE #16560
e: jason.plank at comcast.net

 -------------- Original message ----------------------
From: david raistrick <drais at icantclick.org>
> 
> Guys,
> 
> Trying to turn up a vpn on a newly reinstalled (and out of support) pair 
> of asa 5520s.
> 
> They're running in multiple context mode, and active/standby.
> 
> I've searched and searched to no avail, but man this seems familiar..
> 
> running 8.04.   in ASDM there is no VPN wizard to try. (only setup and 
> HA).
> 
> 
> Step 2 of vpnsetup site-to-site steps:
> 
> oma-i33-fw1/oma-prod(config)# crypto isakmp policy 10
>                                       ^
> ERROR: % Invalid input detected at '^' marker.
> oma-i33-fw1/oma-prod(config)#
> 
> 
> The only crypto options I have are:
> 
> oma-i33-fw1/oma-prod(config)# crypto ?
> 
> configure mode commands/options:
>    ca   Certification authority
>    key  Long term key operations
> oma-i33-fw1/oma-prod(config)# crypto
> 
> 
> 
> 
> 
> 
> wtf?   anyone?
> 
> Licensed features for this user context:
> Failover                     : Active/Active
> VPN-DES                      : Enabled
> VPN-3DES-AES                 : Enabled
> GTP/GPRS                     : Disabled
> 
> 
> And from the system side:
> 
> oma-i33-fw1# sh ver | inc VPN
> VPN-DES                      : Enabled
> VPN-3DES-AES                 : Enabled
> VPN Peers                    : 750
> WebVPN Peers                 : 2
> This platform has an ASA 5520 VPN Plus license.
> oma-i33-fw1#
> 
> 
> 
> 
> 
> 
> ---
> david raistrick        http://www.netmeister.org/news/learn2quote.html
> drais at icantclick.org             http://www.expita.com/nomime.html
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


