Official Lammle User Forum

Results 1 to 4 of 4
  1. #1
    sproe Guest

    Default Multiple Context Mode

    We were discussing multiple context mode in class today and it sounded like something I should do with my new ASA5520. But then tonight I read that some features are not available in multiple context mode, so that made me rethink the whole thing. It seems you lose VPN, Multicast & Dynamic Routing with multiple context mode. I know we want the VPN for sure and not sure I want to limit our abilities on the rest. Am I reading this right?


  2. #2
    Join Date
    Aug 2006
    Dallas, Texas


    You are right!

    Multiple context mode does not support :

    •Dynamic routing protocols (only static routes)

    •VPN (You can not use the FW as a VPN server or VPN Peer)
    * If you choose to use Security Context, you can terminate the VPN connections on the Edge Router, or an a Concentrator.

    •Multicast (a way around this is to create a tunnel for mcast traffic to flow though)

  3. #3
    Join Date
    Aug 2007

    Default Re: Multiple context mode

    Could you elaborate on the case of virtual instances with VPN.

    Don't you think that this would be a very important feature to be enabled on PIX ?


  4. #4
    Join Date
    Aug 2006
    Dallas, Texas

    Default Virtual Instances...

    Virtual Private Networks? or Virtual Firewalls?

    Remember... Routers and other VPN Gateways were terminating VPN connections way before PIX and ASAs were.

    Unfortunately, integrated functionality has spoiled us. In some ways it has even skewed our perception of device functionality vs. a device's ability. In this case, using one function disables the firewalls ability to perform another.

    Remember just because a box has the function available doesn't mean you have to use it. Evaluate your environment and see if you can justify the need for security contexts.

    If your working environment has site-to-site VPNs or remote access VPNs and is solely dependent on your Firewall to act as a VPN Peer or VPN Server then using Security Contexts are not an option for you.

    If your working environment has alternate VPN Gateways then Security Contexts could be an option for you.

    If the loss of Dynamic Routing, VPNs and Multicasting are not issue for you then go for it.

    - aguilera

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Multiple startup configurations
    By Ltat42a in forum General Questions (Any Chapter)
    Replies: 1
    Last Post: 11-28-2011, 11:58 AM
  2. Replies: 1
    Last Post: 08-17-2011, 11:11 AM
  3. Multiple routing protocols
    By sukarabi in forum Routing
    Replies: 1
    Last Post: 10-10-2008, 11:54 PM
  4. Security Context
    By ngravatt in forum PIX and ASA
    Replies: 2
    Last Post: 03-21-2007, 11:45 AM
  5. Security Context URL
    By aguilera in forum PIX and ASA
    Replies: 0
    Last Post: 12-13-2006, 10:22 AM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts