In the latest code, is VPN still disabled when using contexts? If you use a 5520 as an ISP based firewall for customers, then what would be used for VPN access? Also how many contexts does a 5520 support, and would putting 2 interfaces into an etherchannel for inside, and 2 for outside work? Reason I ask about that, the inside and outside would connect to 2 different core routers. I would be for an MPLS setup.
but please remember that even though the newer ASA OS'er supports adding the licenses togheter you have to buy some upgrade license for upgrade your 5 to 15 contexts - if you have a 5 context license and buy a 10 context you have 10 and not 15...
Oh I understand Cisco licenses quite well. Several years of head banging when the wrong one is ordered has finaly paid off. They all see me when ordering licenses! I have a print out of all the SKU's for the licensing.
If you start with 5, L-ASA-SC-5=, then to go to 10, L-ASA-SC-5-10=, next step up 10 to 20, L-ASA-SC-10-20=
Same with SSL licenses. Gets to be really annoying when renewing the CSC licenses.
SO the 5520 max is 20 contexts. VPN's are still unsupported, and I can group interfaces together for increased throughput to avoid bottlenecks. What would be used to VPN access then, a router behind the ASA running ipsecurity plus IOS?
... What would be used to VPN access then, a router behind the ASA running ipsecurity plus IOS?
A Juniper SRX.
Seriously - the usual answer: it depends. I've seen separate ASAs, routers running IPsec and even - yes - other vendors' firewalls. That's what keeps guys like us fully employed - figuring out the right set of solutions given the customer's requirements and equipment's capabilities.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...