• ASAs don’t support virtual interfaces for tunnels the way IOS Routers do.
  • ASAs don’t allow for running Dynamic Routing protocols over VPN tunnels.
  • ASAs don’t allow for overlapping crypto map statements.
  • ASAs don’t allow to pin VPN tunnels to different tenants

But yeah, let’s use Cisco ASAs for all our VPN tunnels.  Great idea.