No VPNs in multi-context mode?

wsanders1
Level 1

We were sold an ASA 5550 on the condition they support VPNs. I am looking at my new box and I do not see the "VPN Wizard" in ASDM or any VPN commands in the CLI.

Are VPNs not supported in multi-context mode? I see the example ASDM display in the getting started guide is in single-context mode.

Cisco Adaptive Security Appliance Software Version 7.2(3) <system>

Device Manager Version 5.2(3)

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 250

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 5000

WebVPN Peers : 2

This platform has an ASA 5550 VPN Premium license.

Thanks in advance ....

Accepted Solutions

Fernando_Meza
Level 7

Hi .. Unfortunately when using multiple contexts there are some limitations .. VPN support is one of them.

Please see the below link.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/contexts.html#wp1116132

4 Replies

daniel.diaz
Level 1

Same thing happened to us, slightly different situation. We have 2 5510s running active/active, and in order to run a/a you need to run multi-context mode, and you lose VPN when you do that.

What we ended up doing is using a spare PIX 515 and setting it up solely as a VPN concentrator. Works great but might not be feasible for you.

Good luck

For "home worker" type VPNs, my past several employers have just thrown a Windows Server box on the DMZ and used it as a VPN server. I think we will just do that. The problems with PPTP got fixed a long time ago, and every Windows PC comes with a client so you don't have to install and support the cumbersome Cisco client. There are decent PPTP clients for Linux and Mac that are much easier to configure than IPSec. Oh, and it's 1/3 the cost of a VPN appliance; you can use any junky old box since it isn't much of a performance drain.

FWIW, if you only have one context, you don't have to run active/active. I only bought a failover device since I've actually had a couple old 500-series PIXes die in service, and the ASA 5550 still doesn't have dual power or even a PS that can be swapped out without disassembly.
