02-17-2009 01:23 PM - edited 03-11-2019 07:52 AM
I was wondering if I can do an active/active setup and still use Remote Access IPSEC VPN's with two ASA 5550's. I hear that you can't but if that is true are there any workarounds? I don't care if the VPN tunnels don't failover, I just want it so that if one ASA fails over then the other one will pick up for regular traffic, but for VPN I don't care if it just uses one ASA or the other as long as it can use one of them should one ASA fail.
Thanks!
02-17-2009 01:53 PM
For Active/Active, you need to enable multiple contexts. You need to make some contexts active at one ASA & remaining contexts active on the other ASA.
Multiple context mode does not support these features:
* Dynamic routing protocols ( only static routes. You cannot enable OSPF or RIP in multiple context mode)
* VPN (IPsec / SSL)
* Multicast Routing (Multicast bridging is supported)
* Threat Detection
In Summary VPN feature cannot be configured when running ASAs in active/active topology
Syed Iftekhar Ahmed
02-19-2009 02:49 PM
use active/standby instead if you'll implementing ipsec vpn in a failover scenario.
active/active is not supported so far...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: