Official Lammle User Forum

  #1
12-12-2006, 08:15 PM
sproe
Guest
Multiple Context Mode

We were discussing multiple context mode in class today and it sounded like something I should do with my new ASA5520. But then tonight I read that some features are not available in multiple context mode, so that made me rethink the whole thing. It seems you lose VPN, Multicast & Dynamic Routing with multiple context mode. I know we want the VPN for sure and not sure I want to limit our abilities on the rest. Am I reading this right?

--Sandy
  #2
12-13-2006, 01:27 PM
aguilera
Join Date: Aug 2006
Location: Dallas, Texas
Posts: 66

You are right!

Multiple context mode does not support:

Dynamic routing protocols (only static routes)

VPN (You cannot use the FW as a VPN server or VPN Peer)
* If you choose to use Security Context, you can terminate the VPN connections on the Edge Router, or on a Concentrator.

Multicast (a way around this is to create a tunnel for mcast traffic to flow through)
  #3
08-13-2007, 07:13 AM
pixuser
Junior Member
Join Date: Aug 2007
Posts: 1
Re: Multiple context mode

Could you elaborate on the case of virtual instances with VPN?

Don't you think that this would be a very important feature to be enabled on PIX?

Thanks,
pixuser
  #4
10-18-2007, 10:40 AM
aguilera
Join Date: Aug 2006
Location: Dallas, Texas
Posts: 66
Virtual Instances...

Virtual Private Networks? Or Virtual Firewalls?

Remember... Routers and other VPN Gateways were terminating VPN connections way before PIX and ASAs were.

Unfortunately, integrated functionality has spoiled us. In some ways it has even skewed our perception of device functionality vs. a device's ability. In this case, using one function disables the firewall's ability to perform another.

Remember, just because a box has the function available doesn't mean you have to use it. Evaluate your environment and see if you can justify the need for security contexts.

If your working environment has site-to-site VPNs or remote access VPNs and is solely dependent on your Firewall to act as a VPN Peer or VPN Server, then using Security Contexts is not an option for you.

If your working environment has alternate VPN Gateways, then Security Contexts could be an option for you.

If the loss of Dynamic Routing, VPNs and Multicasting is not an issue for you, then go for it.

- aguilera