Saturday, July 28, 2012

SSL VPN is not supported when multiple context is configured on ASA

Learnt a lesson today.  I believe this is something new, but this is something that I have experienced today which spent me a couple of hours to troubleshoot.

What I want to do is to configure a ASA 5540 (version 8.2) as the SSL VPN headend for the VPN phones.  After I write erase the unit, I've found that basic commands like IP address cannot apply to its management and GE interface.  What I have done is to create a context and after I changeto that new context, I can apply those commands.

However the webvpn command is not available, and I have the required license installed.  After a google search, I've found when multiple context is enabled, webvpn is not supported.

Then I deleted the context and start all over again.  Finally I've found that the ASA 5540 with default "mode multiple" enabled.  It means that default it support multiple context and therefore configurations such as IP address cannot apply in the system context.  After I change it to "mode single" and reboot, all the commands including webvpn are accepted.

No comments: