Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
5
Helpful
2
Replies

Multiple Mode ASA 5510 - VPN?

raycourtney
Level 1
Level 1

‎02-14-2008 08:11 AM

Hi,

I'm trying to set up a 5510 in multiple mode and cannot see to get it to recognise any VPN or IPSEC commands or configuration at all. I'm doing it through the CLI.

Am I correct in trying to configure it under a particular context?

sample config bits are as follows:

group-policy GWUK_Birm_HO internal

group-policy GWUK_Birm_HO attributes

dns-server value xx.xx.xx.xx

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value GW_HO_USERS_VPN

address-pools value GWPOOL

username paxxxrd password VuW157xxxxxNdMC encrypted privilege 0

username patgxxard attributes

vpn-group-policy GWUK_Birm_HO

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto dynamic-map Cogent_INT_dyn_map 20 set pfs

crypto dynamic-map Cogent_INT_dyn_map 20 set transform-set ESP-3DES-SHA

crypto map Cogent_INT_map 20 set pfs

crypto map Cogent_INT_map 20 set peer 2x.xx.xx.10

crypto isakmp identity address

crypto isakmp enable Cogent_INT

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

tunnel-group GWUK_Birm_HO type ipsec-ra

tunnel-group GWUK_Birm_HO general-attributes

address-pool GWPOOL

default-group-policy GWUK_Birm_HO

errors are as follows:

GS-ASA/CTX1(config)# tunnel-group GWUK_Birm_HO type ipsec-ra

^

ERROR: % Invalid input detected at '^' marker.

Can anyone help me here. Please don't tell me that ASA doesn't do VPNs in Multiple mode......

Show ver output:

GS-ASA/CTX1# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(3) <context>

Device Manager Version 5.2(3)

Compiled on Wed 15-Aug-07 16:08 by builders

GS-ASA up 15 days 3 hours

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0 : address is 001d.a29a.6d80, irq 9

1: Ext: Ethernet0/1 : address is 001d.a29a.6d81, irq 9

2: Ext: Ethernet0/2 : address is 001d.a29a.6d82, irq 9

3: Ext: Ethernet0/3 : address is 001d.a29a.6d83, irq 9

4: Ext: Management0/0 : address is 001d.a29a.6d84, irq 11

5: Int: Not used : irq 11

6: Int: Not used : irq 5

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 250

WebVPN Peers : 2

This platform has an ASA 5510 Security Plus license.

Labels:
0 Helpful
2 Replies 2

acomiskey
Level 10
Level 10

‎02-14-2008 09:06 AM

Sorry, ASA does not support VPN in multiple context :(

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/contexts.html#wp1035807

raycourtney
Level 1
Level 1
In response to acomiskey

‎02-14-2008 10:14 AM

arrrgggh!!!

That was what I feared.

Thanks dude.

Ray

0 Helpful
Customers Also Viewed These Support Documents