RE: Question regarding ASA and using security contexts with VPN

From: Peter Grewal (peter@avient.ca)
Date: Thu Apr 10 2008 - 16:55:44 ART


It's funny, my Netscreen 204, Netscreen 5GTs support PBR and they're 3-4 years
old. With Cisco being a router company you figure they would be able to
handle something as simple as PBR.

 

Peter.

 

From: Farrukh Haroon [mailto:farrukhharoon@gmail.com]
Sent: Thursday, April 10, 2008 3:33 PM
To: Peter Grewal
Cc: ccielab@groupstudy.com
Subject: Re: Question regarding ASA and using security contexts with VPN

 

Get something else then :). Netscreen for example supports PBR, BGP, also
supports VPNs in both Transparent Mode and Virtual mode AFAIK. And it's
amazingly easy to manage.

Or you could run the Cisco firewall in transparent mode. In version 8.x
transparent mode supports NAT. But then VPN is only supported to manage the
BOX (in transparent mode).
This again will not meet your requirements.

Or ask Cisco... why are they ignoring these genuine needs (VPN support
in Active Active), PBR etc. for so long and introducing -not-so-necessary-
features like DTM, Per User SSL Portals etc?

Regards

Farrukh

On Thu, Apr 10, 2008 at 10:22 PM, Peter Grewal <peter@avient.ca> wrote:

Doesn't meet my need of having group 1 using connection 1 and group 2 using
connection 2.

 

Peter.

 

From: Farrukh Haroon [mailto:farrukhharoon@gmail.com]
Sent: Thursday, April 10, 2008 3:02 PM

To: Peter Grewal
Cc: ccielab@groupstudy.com
Subject: Re: Question regarding ASA and using security contexts with VPN

 

You can have an active/passive setup using tracking in the following way:

http://www.cisco.com/warp/public/110/pix-dual-isp.html

On Thu, Apr 10, 2008 at 9:43 PM, Peter Grewal <peter@avient.ca> wrote:

Guys,

 

So question, is it possible to connect two internet connections and route
different traffic out, whilst supporting VPN?

 

 

 

From: Farrukh Haroon [mailto:farrukhharoon@gmail.com]
Sent: Thursday, April 10, 2008 2:12 PM
To: Peter Grewal
Cc: ccielab@groupstudy.com
Subject: Re: Question regarding ASA and using security contexts with VPN

 

Peter, Dynamic Routing, QoS, VPNs are not supported in multiple context
mode. As per the Cisco SEs, it is on the road-map though.

Source based Routing is also not supported to date (AFAIK).

Regards

Farrukh

On Thu, Apr 10, 2008 at 8:44 PM, Peter Grewal <peter@avient.ca> wrote:

Guys,

I have a question, is there any way to get VPNs working with security
contexts, if I use security contexts is there any way to terminate VPN
sessions on the firewall? Or does anyone know if the ASA firewalls support
source based routing?

Thank you.

Peter.




This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:50 ART