
Mailing List Archive: NANOG: users

<Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

 

 



mruiz at telwestservices

Oct 7, 2009, 9:56 AM

Post #1 of 10
<Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

Group,



I am stuck like chuck. We are unable to activate a VPN
in one of the virtual firewall contexts. Under the crypto commands, none
of the IP-sec are available. Any help on this would be appreciated.
Version we are running is 8.0(4)





Michael Ruiz mruiz [at] telwestservices
<mailto::mruiz [at] telwestservices>


steve.tillinger at SourceMedia

Oct 7, 2009, 10:00 AM

Post #2 of 10
RE: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

IPsec isn't available when in multiple context mode.



-----Original Message-----
From: Michael Ruiz [mailto:mruiz [at] telwestservices]
Sent: Wednesday, October 07, 2009 12:56 PM
To: nanog [at] nanog
Subject: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

Group,

I am stuck like chuck. We are unable to activate a VPN
in one of the virtual firewall contexts. Under the crypto commands, none
of the IP-sec are available. Any help on this would be appreciated.
Version we are running is 8.0(4)





Michael Ruiz mruiz [at] telwestservices
<mailto::mruiz [at] telwestservices>






"This communication is intended solely for the addressee and is confidential and not for third party unauthorized distribution"


mike.lyon at gmail

Oct 7, 2009, 10:00 AM

Post #3 of 10
Re: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

Call 1-800-553-2447, they should be able to help.

On Wed, Oct 7, 2009 at 9:56 AM, Michael Ruiz <mruiz [at] telwestservices> wrote:

> Group,
>
> I am stuck like chuck. We are unable to activate a VPN
> in one of the virtual firewall contexts. Under the crypto commands, none
> of the IP-sec are available. Any help on this would be appreciated.
> Version we are running is 8.0(4)
>
>
>
>
>
> Michael Ruiz mruiz [at] telwestservices
> <mailto::mruiz [at] telwestservices>
>
>
>
>
>
>


jason at i6ix

Oct 7, 2009, 10:02 AM

Post #4 of 10
Re: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

Michael Ruiz wrote:
> Group,
>
>
>
> I am stuck like chuck. We are unable to activate a VPN
> in one of the virtual firewall contexts. Under the crypto commands, none
> of the IP-sec are available. Any help on this would be appreciated.
> Version we are running is 8.0(4)
>
>
Isn't VPN only available in single-context mode?


fobdfc at gmail

Oct 7, 2009, 10:02 AM

Post #5 of 10
Re: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

VPNs work only in single, routed mode. VPN functionality is
unavailable in configurations that include either security contexts,
also referred to as multi-mode firewall, or Active/Active stateful
failover.

The exception to this caveat is that you can configure and use one
connection for administrative purposes to (not through) the security
appliance in transparent mode.


From
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpnsysop.html

On Wed, Oct 7, 2009 at 11:56 AM, Michael Ruiz <mruiz [at] telwestservices> wrote:
> Group,
>
>
>
>                I am stuck like chuck.  We are unable to activate a VPN
> in one of the virtual firewall contexts. Under the crypto commands, none
> of the IP-sec are available. Any help on this would be appreciated.
> Version we are running is 8.0(4)
>
>
>
>
>
> Michael Ruiz mruiz [at] telwestservices
> <mailto::mruiz [at] telwestservices>
>
>
>
>
>
>


jhodges at simplexity

Oct 7, 2009, 10:26 AM

Post #6 of 10
RE: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

I was in ASA class just last week and asked about this exact issue.

I was told that at this time you cannot do the IPSec VPN in Multiple context mode (due to the ASA not being able to keep track of the SA). This is a software issue that Cisco is working on and has in test at this time. No timeframe for release though.

-John

-----Original Message-----
From: Jason Bertoch [mailto:jason [at] i6ix]
Sent: Wednesday, October 07, 2009 1:03 PM
To: nanog [at] nanog
Subject: Re: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

Michael Ruiz wrote:
> Group,
>
> I am stuck like chuck. We are unable to activate a VPN
> in one of the virtual firewall contexts. Under the crypto commands, none
> of the IP-sec are available. Any help on this would be appreciated.
> Version we are running is 8.0(4)
>
>
Isn't VPN only available in single-context mode?


dane.newman at gmail

Oct 7, 2009, 10:29 AM

Post #7 of 10
Re: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

yup you lose a lot in multi context mode such as vpn, and routing protocols.
It basically just becomes a true stateful firewall.

On Wed, Oct 7, 2009 at 1:26 PM, John Hodges <jhodges [at] simplexity> wrote:

> I was in ASA class just last week and asked about this exact issue.
>
> I was told that at this time you cannot do the IPSec VPN in Multiple
> context mode (due to the ASA not being able to keep track of the SA). This
> is a software issue that Cisco is working on and has in test at this time.
> No timeframe for release though.
>
> -John
>
> -----Original Message-----
> From: Jason Bertoch [mailto:jason [at] i6ix]
> Sent: Wednesday, October 07, 2009 1:03 PM
> To: nanog [at] nanog
> Subject: Re: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>
>
> Michael Ruiz wrote:
> > Group,
> >
> > I am stuck like chuck. We are unable to activate a VPN
> > in one of the virtual firewall contexts. Under the crypto commands, none
> > of the IP-sec are available. Any help on this would be appreciated.
> > Version we are running is 8.0(4)
> >
> >
> Isn't VPN only available in single-context mode?
>
>
>


devangnp at gmail

Oct 7, 2009, 10:33 AM

Post #8 of 10
Re: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

Does Juniper firewall have the same issue?

Devang Patel

On Oct 7, 2009, at 11:29 AM, Dane Newman <dane.newman [at] gmail> wrote:

> yup you lose a lot in multi context mode such as vpn, and routing protocols.
> It basically just becomes a true stateful firewall.
>
> On Wed, Oct 7, 2009 at 1:26 PM, John Hodges <jhodges [at] simplexity>
> wrote:
>
>> I was in ASA class just last week and asked about this exact issue.
>>
>> I was told that at this time you cannot do the IPSec VPN in Multiple
>> context mode (due to the ASA not being able to keep track of the SA). This
>> is a software issue that Cisco is working on and has in test at this time.
>> No timeframe for release though.
>>
>> -John
>>
>> -----Original Message-----
>> From: Jason Bertoch [mailto:jason [at] i6ix]
>> Sent: Wednesday, October 07, 2009 1:03 PM
>> To: nanog [at] nanog
>> Subject: Re: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>
>>
>> Michael Ruiz wrote:
>>> Group,
>>>
>>> I am stuck like chuck. We are unable to activate a VPN
>>> in one of the virtual firewall contexts. Under the crypto commands, none
>>> of the IP-sec are available. Any help on this would be appreciated.
>>> Version we are running is 8.0(4)
>>>
>>>
>> Isn't VPN only available in single-context mode?
>>
>>
>>


mruiz at telwestservices

Oct 7, 2009, 12:47 PM

Post #9 of 10
RE: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

Thank you for your help for this question. Have a good day.

-----Original Message-----
From: Tillinger, Steve [mailto:steve.tillinger [at] SourceMedia]
Sent: Wednesday, October 07, 2009 12:00 PM
To: Michael Ruiz; nanog [at] nanog
Subject: RE: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

IPsec isn't available when in multiple context mode.



-----Original Message-----
From: Michael Ruiz [mailto:mruiz [at] telwestservices]
Sent: Wednesday, October 07, 2009 12:56 PM
To: nanog [at] nanog
Subject: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

Group,

I am stuck like chuck. We are unable to activate a VPN
in one of the virtual firewall contexts. Under the crypto commands, none
of the IP-sec are available. Any help on this would be appreciated.
Version we are running is 8.0(4)





Michael Ruiz mruiz [at] telwestservices
<mailto::mruiz [at] telwestservices>








eugen at imacandi

Oct 8, 2009, 11:13 AM

Post #10 of 10
Re: <Help - Unable to build an IP-SEC VPN on a Cisco ASA 5520>

Devangnp wrote:
> Does Juniper firewall have the same issue?
Nope. Just that you need to get an ISG 1000 or ISG 2000 to be able to
virtualize nowadays, as the old lower model NetScreen boxes are no
longer up for sale.
