ASA Multiple Security Context IPSec Tunnel

Answered Question
Oct 4th, 2010
User Badges:

Howdy,  I'm looking to find out if it is possible to build an IPSec tunnel on a multi-security context ASA5520?  If not, what are the alternate solutions to build tunnels between sites on a multi-context ASA?  Thanks in advance for any info.

Correct Answer by Jason Masker about 6 years 7 months ago

Robert,


When you use multiple security contexts on the ASA it disables all VPN functionality as described here:


http://www.cisco.com/en/US/customer/docs/security/asa/asa83/asdm63/configuration_guide/contexts.html


If you need multiple contexts there is not going to be a way for you to terminate your VPN connection at the ASA. What other switching & routing gear do you have on-site? You might be able to take advantage of IOS VPN functionality of these devices.

Correct Answer by Namit Agarwal about 6 years 7 months ago

Hi Robert,


The Multi Context mode in the ASA does not support VPN. For a workaround you might have to tunnel on devices other than the Multi Context ASAs. Here is the official doc from CISCO side http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/contexts.html#wp1116132


Regards,


Namit

Correct Answer by praprama about 6 years 7 months ago

Hi,


Unfortunately, ASA in mulitlpe mode does not support VPN:


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/contexts.html#wp1116132


What exactly is your requirement? We can then maybe think of alternatives. One would be to have another device in front of this ASA to terminate the VPN.


Regards,

Prapanch

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Jason Masker Mon, 10/04/2010 - 05:50
User Badges:
  • Bronze, 100 points or more

Robert,


When you use multiple security contexts on the ASA it disables all VPN functionality as described here:


http://www.cisco.com/en/US/customer/docs/security/asa/asa83/asdm63/configuration_guide/contexts.html


If you need multiple contexts there is not going to be a way for you to terminate your VPN connection at the ASA. What other switching & routing gear do you have on-site? You might be able to take advantage of IOS VPN functionality of these devices.

Actions

This Discussion