Example:
ASA 5550 with base license supports 5000 VPN sessions.
You have two contexts and want to share the VPN resources between them, assigning 2000 sessions to each context:
asa/admin(config)# changeto system
asa(config)# class vpn-2000
asa(config-class)# limit-resource vpn other 2000
asa(config-class)# limit-resource vpn burst other 1000
asa(config-class)# exit
asa(config)# context context-a
asa(config-ctx)# member vpn-2000
asa(config-ctx)# exit
asa(config)# context context-b
asa(config-ctx)# member vpn-2000
asa(config-ctx)# exit
vpn burst other is the number of VPN sessions allowed beyond the amount assigned to a context with vpn other. Unlike vpn other, which guarantees the sessions to the context, vpn burst other can be oversubscribed; the burst pool is available to all contexts on a first-come, first-served basis.
http://www.cisco.com/c/en/us/td/docs/security/asa/command-reference/cmdref/l1.html#pgfId-1697181
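As an added example (not part of the original post and not Cisco tooling), this Python check parses the system-context commands shown above and works out the session budget the paragraph describes: the guaranteed total, the shared burst pool, and whether the configured bursts oversubscribe that pool. It assumes the burst pool is the platform limit minus the guaranteed total and that limits are absolute numbers, not percentages; `parse`, `audit` and `platform_limit` are illustrative names.

```python
import re

# The commands from the example above (changeto/exit lines omitted).
SAMPLE_CONFIG = """\
asa(config)# class vpn-2000
asa(config-class)# limit-resource vpn other 2000
asa(config-class)# limit-resource vpn burst other 1000
asa(config)# context context-a
asa(config-ctx)# member vpn-2000
asa(config)# context context-b
asa(config-ctx)# member vpn-2000
"""

def parse(config):
    """Return ({class: {"other": n, "burst": n}}, {context: class})."""
    classes, members, section = {}, {}, (None, None)
    for raw in config.splitlines():
        line = re.sub(r"^\S+#\s*", "", raw.strip())  # drop a CLI prompt if present
        if m := re.fullmatch(r"class (\S+)", line):
            section = ("class", m[1])
            classes[m[1]] = {"other": 0, "burst": 0}
        elif m := re.fullmatch(r"context (\S+)", line):
            section = ("context", m[1])
        elif m := re.fullmatch(r"limit-resource vpn (burst )?other (\d+)", line):
            if section[0] == "class":
                classes[section[1]]["burst" if m[1] else "other"] = int(m[2])
        elif m := re.fullmatch(r"member (\S+)", line):
            if section[0] == "context":
                members[section[1]] = m[1]
    return classes, members

def audit(config, platform_limit):
    """Summarise guaranteed and burst VPN session budgets across contexts."""
    classes, members = parse(config)
    limits = [classes.get(c, {"other": 0, "burst": 0}) for c in members.values()]
    guaranteed = sum(l["other"] for l in limits)
    burst = sum(l["burst"] for l in limits)
    pool = max(platform_limit - guaranteed, 0)  # assumption: unassigned remainder
    return {
        "guaranteed_total": guaranteed,
        "guaranteed_fits": guaranteed <= platform_limit,
        "burst_pool": pool,
        "burst_configured": burst,
        "burst_oversubscribed": burst > pool,  # allowed: first-come, first-served
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG, platform_limit=5000).items():
        print(f"{key}: {value}")
```

With the 5000-session limit from the example, the two contexts hold 4000 guaranteed sessions and compete for a 1000-session burst pool, so both cannot reach 3000 at the same time.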
Thanks so much for the assistance, it was a major help! I configured the PIX with the commands. Additionally, I had to configure the tunnel-group on the ASA as well:
tunnel-group 173.xxx.xxx.xxx type ipsec
Everything is working.
Now I'm successfully running iron socket VPN on my Cisco router.
Great! I appreciate your feedback.
Thanks for the beautiful explanation!!!!
Is there any limitation on configuring the no. of VPNs in one context? Does VPN session refer to the no. of VPN connections or configurations?
It limits the number of VPN connections. You can have any number of configured tunnels, but established ones are limited by resource class config.
Awesome, keep doing the same good work.