[c-nsp] Firewalls "as-a-service" in an MPLS infrastructure...
Nick Hilliard
nick at foobar.org
Mon Jul 11 09:45:14 EDT 2011
Not wanting to be rude by following up my own posting, but I had several
queries about this, public and private. Here are some reference URLs and
quotes for each, all referring to 8.4 software - although this is also true
for all previous software versions.
Nick
On 11/07/2011 09:00, Nick Hilliard wrote:
> - dynamic routing
URL: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/route_static.html#wp1119518
"Multiple context mode does not support dynamic routing"
> - ipsec
URL: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_ike.html#wp1042167
"Note
When the ASA is configured for IPsec VPN, you cannot enable security
contexts (also called firewall multimode) or Active/Active stateful
failover. Therefore, these features are unavailable."
> - any sort of VPN
URL: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_params.html#wp1045332
"VPNs work only in single, routed mode. VPN functionality is unavailable in
configurations that include either security contexts, also referred to as
multimode firewall, or Active/Active stateful failover.
The exception to this caveat is that you can configure and use one
connection for administrative purposes to (not through) the ASA in
transparent mode."
> - QoS
URL: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/conns_qos.html#wp1042022
"Note
QoS is only available in single context mode."
> - phone proxy
URL: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/unified_comm_phoneproxy.html#wp1277382
"• The phone proxy is not supported when the ASA is running in transparent
mode or multiple context mode."
> - pppoe
URL: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_pppoe.html#wp1031501
"Note:
PPPoE is not supported when failover is configured on the ASA, or in
multiple context or transparent mode. PPPoE is only supported in single,
routed mode, without failover."