<Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

Group,

I am stuck like chuck. We are unable to activate a VPN
in one of the virtual firewall contexts. Under the crypto commands, none
of the IP-sec are available. Any help on this would be appreciated.
The version we are running is 8.0(4).

Michael Ruiz mruiz@telwestservices.com

Call 1-800-553-2447, they should be able to help.

Michael Ruiz wrote:

Group,

I am stuck like chuck. We are unable to activate a VPN
in one of the virtual firewall contexts. Under the crypto commands, none
of the IP-sec are available. Any help on this would be appreciated.
The version we are running is 8.0(4).

Isn't VPN only available in single-context mode?

VPNs work only in single, routed mode. VPN functionality is
unavailable in configurations that include either security contexts,
also referred to as multi-mode firewall, or Active/Active stateful
failover.

The exception to this caveat is that you can configure and use one
connection for administrative purposes to (not through) the security
appliance in transparent mode.

From
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpnsysop.html

I was in ASA class just last week and asked about this exact issue.

I was told that at this time you cannot do the IPSec VPN in Multiple context mode (due to the ASA not being able to keep track of the SA). This is a software issue that Cisco is working on and has in test at this time. No timeframe for release though.

-John

Yup, you lose a lot in multi-context mode, such as VPN and routing protocols.
It basically just becomes a true stateful firewall.

Does the Juniper firewall have the same issue?

Devang Patel

Devangnp wrote:

Does the Juniper firewall have the same issue?

Nope. Just that you need to get an ISG 1000 or ISG 2000 to be able to virtualize nowadays, as the old lower model NetScreen boxes are no longer up for sale.