08-24-2009 07:02 PM - edited 03-11-2019 09:09 AM
We were sold an ASA 5550 on the condition they support VPNs. I am looking at my new box and I do not see the "VPN Wizard" in ASDM or any VPN commands in the CLI.
Are VPNs not supported in multi-context mode? I see the example ASDM display in the getting started guide is in single-context mode.
Cisco Adaptive Security Appliance Software Version 7.2(3) <system>
Device Manager Version 5.2(3)
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 250
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 5000
WebVPN Peers : 2
This platform has an ASA 5550 VPN Premium license.
Thanks in advance ....
08-24-2009 11:08 PM
Hi .. Unfortunately when using multiple contexts there are some limitations .. VPN support is one of them.
Please see the below link.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/contexts.html#wp1116132
08-27-2009 03:53 PM
Same thing happened to us, slightly different situation. We have 2 5510s running active/active, and in order to run a/a you need to run multi-context mode, and you lose VPN when you do that.
What we ended up doing is using a spare PIX 515 and setting it up solely as a VPN concentrator. Works great but might not be feasible for you.
Good luck
08-27-2009 04:03 PM
For "home worker" type VPNs, my past several employers have just thrown a Windows Server box on the DMZ and used it as a VPN server. I think we will just do that. The problems with PPTP got fixed a long time ago, and every Windows PC comes with a client so you don't have to install and support the cumbersome Cisco client. There are decent PPTP clients for Linux and Mac that are much easier to configure than IPSec. Oh, and it's 1/3 the cost of a VPN appliance; you can use any junky old box since it isn't much of a performance drain.
FWIW, if you only have one context, you don't have to run active/active. I only bought a failover device since I've actually had a couple old 500-series PIXes die in service, and the ASA 5550 still doesn't have dual power or even a PS that can be swapped out without disassembly.