[c-nsp] ASA Multiple Context Mode

Ryan West rwest at zyedge.com
Sun Jul 19 15:28:36 EDT 2009


Ge,

That's exactly what I was referring to, 2 pairs, one for the multiple context and one for the VPN terminations.  Then the group-policy mappings contain the VLAN mapping for each customer.

-ryan

-----Original Message-----
From: Ge Moua [mailto:moua0100 at umn.edu] 
Sent: Sunday, July 19, 2009 3:27 PM
To: Ryan West
Cc: Clue Store; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASA Multiple Context Mode

I've done IOS based WebVPN with multiple VRFs (vrf-lite in this case); 
this is somewhat analogous to the ASA w/ multiple context; I know you 
mentioned how to do this on the ASA which I don't believe is possible.

Our Cisco Acct SE mentioned vlan mapping where you terminate the 
webvpn/ipsec tunnel on one interface but then funnel the designated 
traffic per customer to different downstream vlan or interfaces; 
essentially this allows you to have multiple customer group in one 
context; i've seen docs on cisco cco that mentions this as well; good luck.


Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services



Ryan West wrote:
> Clue,
>
> I am pretty sure that it doesn't support SSL VPN's either.  All NetPro discussions show the same results.  Assuming you are support multiple customers and want to give them access to their firewall, or whatever you reason for choosing multiple context may be, you should use another ASA pair in Active/Standby to provide VPN termination services.  You may have to mess around with RRI, but you should be able to pull off customer segregation using VLANs.
>
> -ryan
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Clue Store
> Sent: Sunday, July 19, 2009 2:14 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] ASA Multiple Context Mode
>
> Hi All,
>
>
> As I understand that the ASA in multiple context mode does not support
> "VPN's", does this also inclue SSL VPN's?? Someone has mentioned that it
> turns off IPSEC engine in this mode, but I have not been able to find
> anywhere where it says SSL VPN's are not supported. If it doesn't support
> SSL VPN, what are other folks doing for VPN's in this situation where
> multiple contexts are being used??
>
> TIA,
> Clue
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>   


More information about the cisco-nsp mailing list