Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

multiple security contexts - ASA 5500 no VPN support

I need a work around - I have upgraded my ASA to support multiple contexts (two of my clients share infrastructure but maintain two separate ISP), now I dont have VPN for 40+ remote locations

New Member

Re: multiple security contexts - ASA 5500 no VPN support

I'm sorry to tell you that, but as far as I know, also in ASA 8.0.4, it is not possible to have VPN's in combination with multiple contexts. The commands are not supported.

Workaround is I think in extra hardware, be it a router or another ASA as VPN terminator, which you route through the correct context if necessary.

Kind regards

P-J Nefkens


Re: multiple security contexts - ASA 5500 no VPN support

because of the way multiple contexts classify packets, i don't think VPNs will ever be possible in this configuration.

like the other posted said, you need more hardware.

or do away with multiple contexts and instead use subinterfaces and correctly configured acl's to keep their traffic seperate.

also try private vlans.

New Member

Re: multiple security contexts - ASA 5500 no VPN support

hmmm, thanks for the information. The issue I have is that there are two clients that are sharing the ASA hardware (and internal L2 devices), whilst maintaining separate ISPs, so multiple contexts is the way to achieve this as I cannot do PBR on the ASA and there are cost constraints on additional hardware - otherwise I would have a router for PBR.

I may be able to utilise a VPN3005 for the VPN tunnel end point and client VPN.

I havent been able to find any configuration examples / design documents for implementing a VPN concentrator as well as the ASA - any further help would be greatly appreciated.