02-28-2008 12:13 AM - edited 03-11-2019 05:10 AM
Hi,
I was going through the link for help on configuring failover for multiple contexts & came across a strange statement. Can someone pls help clarify this, "When the security appliance is configured for Active/Active stateful failover, you cannot enable IPSec or SSL VPN. Therefore, these features are unavailable. VPN failover is available for Active/Standby failover configurations only".
Here is the link:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html
thanks
BVS
03-01-2008 05:25 AM
It is as it says. If you are running active active you cannot terminate VPN traffic wheras if you are in active/standby you can.
03-01-2008 06:20 AM
If you want Active/Active...Active firewall
that can also terminate VPN and/or ssl VPN,
checkpoint can do that.
Even with Cisco ASA in Active/Active, it is not
really Active/Active. It is similar to IOS
HSRP but not as flexible as HSRP.
CCIE security
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: