[c-nsp] ASA Multiple Context Mode

David Hughes David at hughes.com.au
Sun Jul 19 20:49:56 EDT 2009


Hi

No, the outside of the router is outside the firewall. The tunnel
terminates on that device and we drop the client traffic through the
vrf and a sub-int onto a vlan that's presented as a DMZ to the
firewall context. Any security policy can then be applied to it via
the ASA.


David
...

On 20/07/2009, at 10:01 AM, Clue Store wrote:

> Hi David,
>
> Does this mean you're terminating the ipsec tunnel on a router inside the
> vrf through the context?? I was thinking about this but wasn't sure what
> nastiness would come out of it. MTU issues, etc...
>
> On Sun, Jul 19, 2009 at 4:39 PM, David Hughes <David at hughes.com.au> wrote:
>
>>
>> On 20/07/2009, at 4:13 AM, Clue Store wrote:
>>
>>> If it doesn't support
>>> SSL VPN, what are other folks doing for VPNs in this situation where
>>> multiple contexts are being used??
>>>
>>
>> Hi
>>
>>
>> We use a router running vrf-aware ipsec to drop users from each customer
>> into a vlan on their ASA context.  Works pretty well.
>>
>>
>>
>> David
>> ...
>>


