IPSec support for Active/Active config on ASA

Unanswered Question
Feb 28th, 2008


I was going through the link for help on configuring failover for multiple contexts & came across a strange statement. Can someone pls help clarify this, "When the security appliance is configured for Active/Active stateful failover, you cannot enable IPSec or SSL VPN. Therefore, these features are unavailable. VPN failover is available for Active/Standby failover configurations only".

Here is the link:




I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cdusio Sat, 03/01/2008 - 05:25

It is as it says. If you are running active active you cannot terminate VPN traffic wheras if you are in active/standby you can.

cisco24x7 Sat, 03/01/2008 - 06:20

If you want Active/Active...Active firewall

that can also terminate VPN and/or ssl VPN,

checkpoint can do that.

Even with Cisco ASA in Active/Active, it is not

really Active/Active. It is similar to IOS

HSRP but not as flexible as HSRP.

CCIE security


This Discussion