02-17-2009 01:23 PM - edited 03-11-2019 07:52 AM
I was wondering if I can do an active/active setup and still use Remote Access IPsec VPNs with two ASA 5550s. I hear that you can't, but if that is true, are there any workarounds? I don't care if the VPN tunnels don't fail over; I just want it so that if one ASA fails over then the other one will pick up for regular traffic, but for VPN I don't care if it just uses one ASA or the other as long as it can use one of them should one ASA fail.
Thanks!
02-17-2009 01:53 PM
For Active/Active, you need to enable multiple contexts. You need to make some contexts active on one ASA and the remaining contexts active on the other ASA.
Multiple context mode does not support these features:
* Dynamic routing protocols (only static routes; you cannot enable OSPF or RIP in multiple context mode)
* VPN (IPsec / SSL)
* Multicast Routing (Multicast bridging is supported)
* Threat Detection
In summary, the VPN feature cannot be configured when running ASAs in an active/active topology.
Syed Iftekhar Ahmed
02-19-2009 02:49 PM
Use active/standby instead if you'll be implementing IPsec VPN in a failover scenario.
Active/active is not supported so far...