[117971] in North American Network Operators' Group
Re:
daemon@ATHENA.MIT.EDU (Devangnp)
Wed Oct 7 13:33:48 2009
From: Devangnp <devangnp@gmail.com>
To: Dane Newman <dane.newman@gmail.com>
In-Reply-To: <a54820e50910071029i41099d2cqf0bec57f7c52ea8e@mail.gmail.com>
Date: Wed, 7 Oct 2009 11:33:14 -0600
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Does Juniper firewall has same issue?
Devang Patel
On Oct 7, 2009, at 11:29 AM, Dane Newman <dane.newman@gmail.com> wrote:
> yup you lose alot in mutli context mode such as vpn, and routing
> protocols.
> It basically just becomes a true stateful firewall.
>
> On Wed, Oct 7, 2009 at 1:26 PM, John Hodges <jhodges@simplexity.com>
> wrote:
>
>> I was in ASA class just last week and asked about this exact issue.
>>
>> I was told that at this time you cannot do the IPSec VPN in Multiple
>> context mode (due to the ASA not being able to keep track of the
>> SA). This
>> is a software issue that Cisco is working on and has in test at
>> this time.
>> No timeframe for release though.
>>
>> -John
>>
>> -----Original Message-----
>> From: Jason Bertoch [mailto:jason@i6ix.com]
>> Sent: Wednesday, October 07, 2009 1:03 PM
>> To: nanog@nanog.org
>> Subject: Re: <Help - Unable to builld a IP-SEC VPN on a Cisco ASA
>> 5520>
>>
>> Michael Ruiz wrote:
>>> Group,
>>>
>>>
>>>
>>> I am stuck like chuck. We are unable to activate a
>>> VPN
>>> in one of the virtual firewall context. Under the crypto
>>> commands, none
>>> of the IP-sec are available. Any help on this would be appreciated.
>>> Version we running is 8.0(4)
>>>
>>>
>> Isn't VPN only available in single-context mode?
>>
>>
>>
