Calling all ASA engineers

itdaddy

Hey ASA engineers;

we have this new ASA 5510 and we are virtualizing the firewalls; i think it is calle multiple contexts and well we have this:

1. Internet vm firewall
2. Private vm firewall
3. Admin vm Firewall

and appaarently our CCNP engineer says Cisco has issues allowing VPNS for any of these vm firewalls is this true??

It is hard to believe that an ASA firewall cannot create VPNs with each VM???doesnt make sense
can someone clarifty this for me and if there is a workaround

do you have a config or can point me in the right direction??

stealthtt

Your engineer is correct. You won't be able to do VPNs on those security contexts.

itdaddy

you have got to be kidding...isnt there a patch or something I heard there was a patch
doesnt make sense

stealthtt

No, VPN support is disabled when using multiple contexts.

tiersten

It isn't supported at all by Cisco. The ASA software just doesn't do it. Maybe in the future *shrug*

itdaddy

thanks guys

yeah, it just sucks! amazing how this piece of fancy firwall is just that a firewall
even though it can have many functions..funny how it is in the fine print...
thanks

redwarrior

I think the virtualization technology as it applies to network devices is still a bit new compared to what we've seen in the server world, but maybe in time...

On a somewhat related, somewhat unrelated note...I was lucky enough to get to sit through a new product run-down at our local Cisco office...the Nexus 1000v switch for VMWare sounds really promising for those of us supporting VMWare servers in our datacenters...anyone else heard abou those?

cisco_trooper

itdaddy wrote:

thanks guys

yeah, it just sucks! amazing how this piece of fancy firwall is just that a firewall
even though it can have many functions..funny how it is in the fine print...
thanks

Wowsers..... I have 4 or 5 ASA5510s and 5520s. I haven't used any virtual firewalls on them but now I know not to bother. VPN support is mandatory....