Sounds like a good request for feature to Cisco. I'm for it, I like to do IPSec in mulitple context so I can tie them to different VRF upstream; or better yet support for VRF-Aware IPSec on the ASA in multiple context mode.
Regards, Ge Moua | Email: [EMAIL PROTECTED] Network Design Engineer University of Minnesota | Networking & Telecommunications Services -----Original Message----- From: Ge Moua [mailto:[EMAIL PROTECTED] Sent: Thursday, September 25, 2008 12:22 PM To: 'david raistrick'; '[email protected]' Subject: RE: [c-nsp] ASA doesn't like ipsec... I believe IPSec on the ASA will only run in single/routed mode. Try that. Regards, Ge Moua | Email: [EMAIL PROTECTED] Network Design Engineer University of Minnesota | Networking & Telecommunications Services -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of david raistrick Sent: Thursday, September 25, 2008 12:15 PM To: [email protected] Subject: [c-nsp] ASA doesn't like ipsec... Guys, Trying to turn up a vpn on a newly reinstalled (and out of support) pair of asa 5520s. They're running in multiple context mode, and active/standby. I've searched and searched to no avail, but man this seems familiar.. running 8.04. in ASDM there is no VPN wizard to try. (only setup and HA). Step 2 of vpnsetup site-to-site steps: oma-i33-fw1/oma-prod(config)# crypto isakmp policy 10 ^ ERROR: % Invalid input detected at '^' marker. oma-i33-fw1/oma-prod(config)# The only crypto options I have are: oma-i33-fw1/oma-prod(config)# crypto ? configure mode commands/options: ca Certification authority key Long term key operations oma-i33-fw1/oma-prod(config)# crypto wtf? anyone? Licensed features for this user context: Failover : Active/Active VPN-DES : Enabled VPN-3DES-AES : Enabled GTP/GPRS : Disabled And from the system side: oma-i33-fw1# sh ver | inc VPN VPN-DES : Enabled VPN-3DES-AES : Enabled VPN Peers : 750 WebVPN Peers : 2 This platform has an ASA 5520 VPN Plus license. oma-i33-fw1# --- david raistrick http://www.netmeister.org/news/learn2quote.html [EMAIL PROTECTED] http://www.expita.com/nomime.html _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
