[c-nsp] ASA Multiple Context Mode
Ge Moua
moua0100 at umn.edu
Mon Jul 20 09:03:08 EDT 2009
VPN termination and vlan-mapping all on the ASA.
Regards,
Ge Moua | Email: moua0100 at umn.edu
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
Ryan West wrote:
> Think I misread what you originally wrote, were you still implying another device for the VPN termination?
>
> -----Original Message-----
> From: Ge Moua [mailto:moua0100 at umn.edu]
> Sent: Sunday, July 19, 2009 3:27 PM
> To: Ryan West
> Cc: Clue Store; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ASA Multiple Context Mode
>
> I've done IOS based WebVPN with multiple VRFs (vrf-lite in this case);
> this is somewhat analogous to the ASA w/ multiple context; I know you
> mentioned how to do this on the ASA which I don't believe is possible.
>
> Our Cisco Acct SE mentioned vlan mapping where you terminate the
> webvpn/ipsec tunnel on one interface but then funnel the designated
> traffic per customer to different downstream vlan or interfaces;
> essentially this allows you to have multiple customer group in one
> context; i've seen docs on cisco cco that mentions this as well; good luck.
>
>
> Regards,
> Ge Moua | Email: moua0100 at umn.edu
>
> Network Design Engineer
> University of Minnesota | Networking & Telecommunications Services
>
>
>
> Ryan West wrote:
>
>> Clue,
>>
>> I am pretty sure that it doesn't support SSL VPN's either. All NetPro discussions show the same results. Assuming you are support multiple customers and want to give them access to their firewall, or whatever you reason for choosing multiple context may be, you should use another ASA pair in Active/Standby to provide VPN termination services. You may have to mess around with RRI, but you should be able to pull off customer segregation using VLANs.
>>
>> -ryan
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Clue Store
>> Sent: Sunday, July 19, 2009 2:14 PM
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] ASA Multiple Context Mode
>>
>> Hi All,
>>
>>
>> As I understand that the ASA in multiple context mode does not support
>> "VPN's", does this also inclue SSL VPN's?? Someone has mentioned that it
>> turns off IPSEC engine in this mode, but I have not been able to find
>> anywhere where it says SSL VPN's are not supported. If it doesn't support
>> SSL VPN, what are other folks doing for VPN's in this situation where
>> multiple contexts are being used??
>>
>> TIA,
>> Clue
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
More information about the cisco-nsp
mailing list