Ge, That's exactly what I was referring to, 2 pairs, one for the multiple context and one for the VPN terminations. Then the group-policy mappings contain the VLAN mapping for each customer.
-ryan -----Original Message----- From: Ge Moua [mailto:[email protected]] Sent: Sunday, July 19, 2009 3:27 PM To: Ryan West Cc: Clue Store; [email protected] Subject: Re: [c-nsp] ASA Multiple Context Mode I've done IOS based WebVPN with multiple VRFs (vrf-lite in this case); this is somewhat analogous to the ASA w/ multiple context; I know you mentioned how to do this on the ASA which I don't believe is possible. Our Cisco Acct SE mentioned vlan mapping where you terminate the webvpn/ipsec tunnel on one interface but then funnel the designated traffic per customer to different downstream vlan or interfaces; essentially this allows you to have multiple customer group in one context; i've seen docs on cisco cco that mentions this as well; good luck. Regards, Ge Moua | Email: [email protected] Network Design Engineer University of Minnesota | Networking & Telecommunications Services Ryan West wrote: > Clue, > > I am pretty sure that it doesn't support SSL VPN's either. All NetPro > discussions show the same results. Assuming you are support multiple > customers and want to give them access to their firewall, or whatever you > reason for choosing multiple context may be, you should use another ASA pair > in Active/Standby to provide VPN termination services. You may have to mess > around with RRI, but you should be able to pull off customer segregation > using VLANs. > > -ryan > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Clue Store > Sent: Sunday, July 19, 2009 2:14 PM > To: [email protected] > Subject: [c-nsp] ASA Multiple Context Mode > > Hi All, > > > As I understand that the ASA in multiple context mode does not support > "VPN's", does this also inclue SSL VPN's?? Someone has mentioned that it > turns off IPSEC engine in this mode, but I have not been able to find > anywhere where it says SSL VPN's are not supported. If it doesn't support > SSL VPN, what are other folks doing for VPN's in this situation where > multiple contexts are being used?? > > TIA, > Clue > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
