ASA and vpn load balancing

Unanswered Question
Apr 5th, 2007


I am configuring 2 ASA5540 for internet trafic inside to outside ,

outside to inside (web,smtp) but also vpn load balancing for client to site , site to site and webvpn.

In the doc I can configure them for internet trafic as Active/Standby or Active/active.

for vpn : I can use vpn load balancing

But no information if I want to use the active/passif and vpn load balancing together.

Any thoughts on which way to go? what is the best thing to do ?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
brispin Wed, 04/11/2007 - 06:18

I think it is better to use Active/Active for VPN load balancing because in such a config both of the devices can share the load among themselves as compared to Active/standby.

ionalonso Thu, 02/18/2010 - 00:48


I think that you cannot use an Active/Active configuration for VPN connections as it is stated on Cisco's documentation: "Note: VPN failover is not supported on units that run in multiple context mode as VPN is not supported in multiple context. VPN failover is available only for Active/Standby Failover configurations in single context configurations" available at

Hope it helps


This Discussion