11-16-2008 10:55 PM - last edited on 02-21-2020 11:48 PM by cc_security_adm
I need a workaround - I have upgraded my ASA to support multiple contexts (two of my clients share infrastructure but maintain two separate ISPs), and now I don't have VPN for 40+ remote locations.
11-17-2008 04:31 AM
I'm sorry to tell you that, but as far as I know, also in ASA 8.0.4, it is not possible to have VPNs in combination with multiple contexts. The commands are not supported.
The workaround is, I think, extra hardware, be it a router or another ASA as VPN terminator, which you route through the correct context if necessary.
Kind regards
P-J Nefkens
11-17-2008 06:18 AM
Because of the way multiple contexts classify packets, I don't think VPNs will ever be possible in this configuration.
Like the other poster said, you need more hardware.
Or do away with multiple contexts and instead use subinterfaces and correctly configured ACLs to keep their traffic separate.
Also try private VLANs.
11-17-2008 02:16 PM
Hmmm, thanks for the information. The issue I have is that there are two clients that are sharing the ASA hardware (and internal L2 devices), whilst maintaining separate ISPs, so multiple contexts is the way to achieve this, as I cannot do PBR on the ASA and there are cost constraints on additional hardware - otherwise I would have a router for PBR.
I may be able to utilise a VPN3005 for the VPN tunnel end point and client VPN.
I haven't been able to find any configuration examples / design documents for implementing a VPN concentrator as well as the ASA - any further help would be greatly appreciated.
Thanks