[c-nsp] ASA Multiple Context Mode
David Hughes
David at hughes.com.au
Sun Jul 19 20:49:56 EDT 2009
Hi
No, the outside of the router is outside the firewall. The tunnel
terminates on that device and we drop the client traffic through the
vrf and a sub-int onto a vlan that's presented as a DMZ to the
firewall context. Any security policy can then be applied to it via
the ASA.
David
...
On 20/07/2009, at 10:01 AM, Clue Store wrote:
> Hi David,
>
> Does this mean you're terminating the ipsec tunnel on a router inside the
> vrf through the context?? I was thinking about this but wasn't sure what
> nastiness would come out of it. MTU issues, etc...
>
> On Sun, Jul 19, 2009 at 4:39 PM, David Hughes <David at hughes.com.au> wrote:
>
>>
>> On 20/07/2009, at 4:13 AM, Clue Store wrote:
>>
>>> If it doesn't support SSL VPN, what are other folks doing for VPNs in this
>>> situation where multiple contexts are being used??
>>>
>>
>> Hi
>>
>>
>> We use a router running vrf-aware ipsec to drop users from each customer
>> into a vlan on their ASA context. Works pretty well.
>>
>>
>>
>> David
>> ...
>>