02-14-2008 08:11 AM
Hi,
I'm trying to set up a 5510 in multiple mode and cannot seem to get it to recognise any VPN or IPSEC commands or configuration at all. I'm doing it through the CLI.
Am I correct in trying to configure it under a particular context?
sample config bits are as follows:
group-policy GWUK_Birm_HO internal
group-policy GWUK_Birm_HO attributes
dns-server value xx.xx.xx.xx
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value GW_HO_USERS_VPN
address-pools value GWPOOL
username paxxxrd password VuW157xxxxxNdMC encrypted privilege 0
username patgxxard attributes
vpn-group-policy GWUK_Birm_HO
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map Cogent_INT_dyn_map 20 set pfs
crypto dynamic-map Cogent_INT_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Cogent_INT_map 20 set pfs
crypto map Cogent_INT_map 20 set peer 2x.xx.xx.10
crypto isakmp identity address
crypto isakmp enable Cogent_INT
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
tunnel-group GWUK_Birm_HO type ipsec-ra
tunnel-group GWUK_Birm_HO general-attributes
address-pool GWPOOL
default-group-policy GWUK_Birm_HO
errors are as follows:
GS-ASA/CTX1(config)# tunnel-group GWUK_Birm_HO type ipsec-ra
^
ERROR: % Invalid input detected at '^' marker.
Can anyone help me here? Please don't tell me that ASA doesn't do VPNs in Multiple mode......
Show ver output:
GS-ASA/CTX1# sh ver
Cisco Adaptive Security Appliance Software Version 7.2(3) <context>
Device Manager Version 5.2(3)
Compiled on Wed 15-Aug-07 16:08 by builders
GS-ASA up 15 days 3 hours
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 001d.a29a.6d80, irq 9
1: Ext: Ethernet0/1 : address is 001d.a29a.6d81, irq 9
2: Ext: Ethernet0/2 : address is 001d.a29a.6d82, irq 9
3: Ext: Ethernet0/3 : address is 001d.a29a.6d83, irq 9
4: Ext: Management0/0 : address is 001d.a29a.6d84, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 2
This platform has an ASA 5510 Security Plus license.
02-14-2008 09:06 AM
Sorry, ASA does not support VPN in multiple context :(
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/contexts.html#wp1035807
02-14-2008 10:14 AM
arrrgggh!!!
That was what I feared.
Thanks dude.
Ray
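An added example, not part of the original thread and not Cisco code: a pre-flight check that reads the `show version` banner and lists the VPN lines of a candidate config to hold back when the target is a security context, following the 7.2 limitation stated in the answer above. The function names and the list of VPN command prefixes (taken from the sample config in the question) are assumptions.

```python
import re

# Assumption: command families treated as VPN configuration, taken from the
# sample config in the question. Sub-mode lines without such a prefix are not matched.
VPN_PREFIXES = ("crypto ", "tunnel-group ", "group-policy ", "vpn-")

BANNER = re.compile(
    r"Adaptive Security Appliance Software Version (\S+)(?:\s+<(\w+)>)?")

def parse_banner(show_version: str):
    """Return (version, tag) where tag is the <...> marker after the version, or None."""
    m = BANNER.search(show_version)
    if not m:
        raise ValueError("no ASA version banner found")
    return m.group(1), m.group(2)

def vpn_lines(config: str):
    """Return (line_number, text) for each candidate line in a VPN command family."""
    return [(n, raw.strip()) for n, raw in enumerate(config.splitlines(), start=1)
            if raw.strip().startswith(VPN_PREFIXES)]

def preflight(show_version: str, config: str):
    """List the VPN lines to hold back when the banner carries the <context> tag."""
    version, space = parse_banner(show_version)
    blocked = vpn_lines(config) if space == "context" else []
    return {"version": version, "space": space, "blocked": blocked}

# Constructed sample input, abridged from the output and config quoted in the thread.
SAMPLE_SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version 7.2(3) <context>
Device Manager Version 5.2(3)
"""
SAMPLE_CONFIG = """\
group-policy GWUK_Birm_HO internal
dns-server value xx.xx.xx.xx
vpn-tunnel-protocol IPSec
crypto isakmp policy 10
encryption 3des
tunnel-group GWUK_Birm_HO type ipsec-ra
"""

if __name__ == "__main__":
    report = preflight(SAMPLE_SHOW_VERSION, SAMPLE_CONFIG)
    print(f"ASA {report['version']} <{report['space']}>")
    for n, line in report["blocked"]:
        print(f"  line {n}: {line}")
```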