I have to create dynmaic VPN on our multicontext firewall ASA 5510 with 250 VPN license.This Firewall will have statically assigned ip address and ten hub sites will obtain ip address dynamically from ISP.
My question is how many VPN license will be utilsed on my firewall 10 or one, ? because there will be only one dynamic VPN entry on FW.
I have not tested myself yet but to me it seems that you will have to be using some new 9.x series software to even have support for VPNs in Multiple Context Mode.
I also presume that you will actually have to allocate VPN session limits to a Security Context for it to be able to use VPN connections.
Also an ASA running in Multiple Context Mode should only support L2L VPN connections. I am not sure if there is any limitations regarding what type of L2L VPN you can configure. I mean if there is any limit regarding using a Dynamic Map as yours would need. Atleast the Command Reference states that the command is supported in Multiple Context Mode so it would seem to be possible.
I guess the limitation regarding VPN Client connections in Multiple Context Mode prevents you from configuring a "tunnel-group" that is of the "remote-access" type.
With regards to the license I would imagine that the ASA will consume the license based on the amount of active connections, not based on the amount of "crypto map" configurations.
Not perhaps 100% accurate information but my own ramblings to get the discussion started.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...