Re: ASA 5550 question

From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
Date: Wed, 06 Oct 2010 18:55:32 -0300

Brian, I know it can't be done, but Joseph kind of implied that there
is a logical reason as to why it cannot be done even in a future release
of code, i.e., there is an architecture gotcha, sort of.

I was just trying to get some info about that...

Mahaffey, Brian @ 6/10/2010 18:04 -0300 dixit:
> http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/contexts.html#wp1116132
>
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Carlos G Mendioroz
> Sent: Wednesday, October 06, 2010 1:18 PM
> To: Joseph L. Brunner
> Cc: 'rwest_at_zyedge.com'; 'maniac.smg_at_gmail.com'; 'ccielab_at_groupstudy.com'
> Subject: Re: ASA 5550 question
>
> Joseph,
> would you please elaborate on why it is not feasible to do it?
>
> If the interfaces are dedicated, there is no issue, right?
> If there is a common interface, and different IPs/MACs on the contexts,
> I see no problem either. You might, as Cisco, require different IPs to
> enable VPN... or am I missing something?
>
> BTW, what's the problem with talking jackets ? :)
> -Carlos
>
> Joseph L. Brunner @ 6/10/2010 16:30 -0300 dixit:
>> Not realistic or possible given the multi-context packet routing engine between the interfaces and context forwarding.
>> I assume we'll be waiting for that Ryan until we get our Auto-lacing nike's and self-drying/adjusting jackets that talk to us in 2015.
>>
>> This is one of a thousand reasons the biggest most complex environments use checkpoint or juniper netscreen.
>> Joe
>>
>>
>> ----- Original Message -----
>> From: Ryan West <rwest_at_zyedge.com>
>> To: Joseph L. Brunner; Shaughn Smith <maniac.smg_at_gmail.com>; Cisco certification <ccielab_at_groupstudy.com>
>> Sent: Wed Oct 06 15:12:37 2010
>> Subject: RE: ASA 5550 question
>>
>> Wait for the next release :) RA / L2L in multi context due *soon*
>>
>> -ryan
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Joseph L. Brunner
>> Sent: Wednesday, October 06, 2010 3:09 PM
>> To: Shaughn Smith; Cisco certification
>> Subject: RE: ASA 5550 question
>>
>> Crypto not allowed partner...
>>
>> Sorry...
>>
>> Time for a checkpoint
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Shaughn Smith
>> Sent: Wednesday, October 06, 2010 3:06 PM
>> To: Cisco certification
>> Subject: ASA 5550 question
>>
>> Hi All
>>
>> I have a Cisco ASA 5550 running which in turn is running 3 contexts.
>>
>> Everything has been running smoothly but now the client is asking for IPsec remote access VPNs.
>> I have no issue configuring this as I have done it 100 times before, however when I type the crypto ipsec command I get this as an option
>> Fxxxxt(config)# crypto ?
>>
>> configure mode commands/options:
>> ca Certification authority
>> key Long term key operations
>>
>> i.e. IPsec is not supported. Now I don't know if this is a licensing issue or an actual software version
>> Here is the SH VER output
>>
>> Licensed features for this platform:
>> Maximum Physical Interfaces : Unlimited
>> Maximum VLANs : 250
>> Inside Hosts : Unlimited
>> Failover : Active/Active
>> VPN-DES : Enabled
>> VPN-3DES-AES : Enabled
>> Security Contexts : 2
>> GTP/GPRS : Disabled
>> SSL VPN Peers : 2
>> Total VPN Peers : 5000
>> Shared License : Disabled
>> AnyConnect for Mobile : Disabled
>> AnyConnect for Linksys phone : Disabled
>> AnyConnect Essentials : Disabled
>> Advanced Endpoint Assessment : Disabled
>> UC Phone Proxy Sessions : 2
>> Total UC Proxy Sessions : 2
>> Botnet Traffic Filter : Disabled
>>
>> This platform has an ASA 5550 VPN Premium license.
>>
>> Says 3DES-AES is enabled but that might be for SSL VPNs. I have really done any research yet but sure it has to do with the VPN Premium licence.
>> Thanks
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>>
> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Received on Wed Oct 06 2010 - 18:55:32 ART

This archive was generated by hypermail 2.2.0 : Mon Nov 01 2010 - 06:42:05 ART