Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

No VPNs in multi-context mode?

We were sold a ASA 5550 on the condition they support VPNs. I am looking at my new box and I do not see the "VPN Wizard" in ADSM or any VPN commands in the CLI.

Are VPNs not supported in multi-context mode? I see the example ASDM display in the getting started guide is in single-context mode.

Cisco Adaptive Security Appliance Software Version 7.2(3) <system>

Device Manager Version 5.2(3)

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 250

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 5000

WebVPN Peers : 2

This platform has an ASA 5550 VPN Premium license.

Thanks in advance ....

1 ACCEPTED SOLUTION

Accepted Solutions

Re: No VPNs in multi-context mode?

Hi .. Unfortunately when using multiple contexts there are some limitations .. VPN support is one of them.

Please see the below link.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/contexts.html#wp1116132

4 REPLIES

Re: No VPNs in multi-context mode?

Hi .. Unfortunately when using multiple contexts there are some limitations .. VPN support is one of them.

Please see the below link.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/contexts.html#wp1116132

Re: No VPNs in multi-context mode?

Hi .. Unfortunately when using multiple contexts there are some limitations .. VPN support is one of them.

Please see the below link.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/contexts.html#wp1116132

New Member

Re: No VPNs in multi-context mode?

Same thing happened to us, slightly different situation. we have 2 5510's running active/active and in order to run a/a you need to run multi context mode and you lose VPN when you do that.

What we ended up doing is using a spare PIX 515 and setting it up solely as a VPN concentrator. Works great but might not be feasible for you.

Good luck

New Member

Re: No VPNs in multi-context mode?

For "home worker" type VPNS, my past several employers have just thrown a Windows Server box on the DMZ and used it as VPN server. I think we will just do that. The problems with PPTP got fixed a long time ago, and every Windows PC comes with a client so you don't have to install and support the cumbersome Cisco client. There are decent PPTP clients for Linux and Mac that are much easier to configure than IPSec. Oh, and it's 1/3 the cost of a VPN appliance; you can use any junky old box since it isn't much of a performance drain.

FWIW, if you only have one context, you don't have to run active/active. I only bought a failover device since I've actually had a couple old 500-series PIXes die in service, and the ASA 5550 still doesn't have dual power or even a PS that can be swapped out without disassembly.

152
Views
0
Helpful
4
Replies
CreatePlease to create content