RE: ASA 5550 question

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/c
ontexts.html#wp1116132

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Carlos G Mendioroz
Sent: Wednesday, October 06, 2010 1:18 PM
To: Joseph L. Brunner
Cc: 'rwest_at_zyedge.com'; 'maniac.smg_at_gmail.com'; 'ccielab_at_groupstudy.com'
Subject: Re: ASA 5550 question

Joseph,
would you please elaborate on why is it not feasible to do it ?

If the interfaces are dedicated, there is no issue, right ?
If there is a common interface, and different IPs/MACs on the contexts,
I see no problem either. You might, as cisco, require different IPs to
enable VPN... or am I missing something ?

BTW, what's the problem with talking jackets ? :)
-Carlos

Joseph L. Brunner @ 6/10/2010 16:30 -0300 dixit:
> Not realistic or possible given the multi-context packet routing
engine between the interfaces and context forwarding.
>
> I assume we'll be waiting for that Ryan until we get our Auto-lacing
nike's and self-drying/adjusting jackets that talk to us in 2015.
>
>
> This is one of a thousand reasons the biggest most complex
environments use checkpoint or juniper netscreen.
>
> Joe
>
>
> ----- Original Message -----
> From: Ryan West <rwest_at_zyedge.com>
> To: Joseph L. Brunner; Shaughn Smith <maniac.smg_at_gmail.com>; Cisco
certification <ccielab_at_groupstudy.com>
> Sent: Wed Oct 06 15:12:37 2010
> Subject: RE: ASA 5550 question
>
> Wait for the next release :) RA / L2L in multi context due *soon*
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
Of Joseph L. Brunner
> Sent: Wednesday, October 06, 2010 3:09 PM
> To: Shaughn Smith; Cisco certification
> Subject: RE: ASA 5550 question
>
> Crypto not allowed partner...
>
> Sorry...
>
> Time for a checkpoint
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
Of Shaughn Smith
> Sent: Wednesday, October 06, 2010 3:06 PM
> To: Cisco certification
> Subject: ASA 5550 question
>
> Hi All
>
> I have a Cisco ASA 5550 running which in turn is running 3 contexts.
>
> Everything has been running smoothly but now the client is asking for
Ipsec remote access VPN's.
>
> I have no issue configuring this as i have done it 100 times before,
however when i type the crypto ipsec command i get this as an option
>
> Fxxxxt(config)# crypto ?
>
> configure mode commands/options:
> ca Certification authority
> key Long term key operations
>
> ie IPSEC is not supported. Now i dont know if this is a licencing
issue or an actual software version
>
> Here is the SH VER output
>
> icensed features for this platform:
> Maximum Physical Interfaces : Unlimited
> Maximum VLANs : 250
> Inside Hosts : Unlimited
> Failover : Active/Active
> VPN-DES : Enabled
> VPN-3DES-AES : Enabled
> Security Contexts : 2
> GTP/GPRS : Disabled
> SSL VPN Peers : 2
> Total VPN Peers : 5000
> Shared License : Disabled
> AnyConnect for Mobile : Disabled
> AnyConnect for Linksys phone : Disabled
> AnyConnect Essentials : Disabled
> Advanced Endpoint Assessment : Disabled
> UC Phone Proxy Sessions : 2
> Total UC Proxy Sessions : 2
> Botnet Traffic Filter : Disabled
>
> This platform has an ASA 5550 VPN Premium license.
>
> Says 3DES-AES is enabled but that might be for SSL VPN's. I have
really done any research yet but sure it has to do with the VPN Premium
licence.
>
> Thanks
>
>
> Blogs and organic groups at http://www.ccie.net
>
>
Received on Wed Oct 06 2010 - 14:04:55 ART