Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
4
Helpful
2
Replies

active/active ASA 8.3 with VPN

Aaron Greene
Level 1
Level 1

‎02-17-2009 01:23 PM - edited ‎03-11-2019 07:52 AM

I was wondering if I can do an active/active setup and still use Remote Access IPSEC VPN's with two ASA 5550's. I hear that you can't but if that is true are there any workarounds? I don't care if the VPN tunnels don't failover, I just want it so that if one ASA fails over then the other one will pick up for regular traffic, but for VPN I don't care if it just uses one ASA or the other as long as it can use one of them should one ASA fail.

Thanks!

Labels:
0 Helpful
2 Replies 2

Syed Iftekhar Ahmed
Level 8
Level 8

‎02-17-2009 01:53 PM

For Active/Active, you need to enable multiple contexts. You need to make some contexts active at one ASA & remaining contexts active on the other ASA.

Multiple context mode does not support these features:

* Dynamic routing protocols ( only static routes. You cannot enable OSPF or RIP in multiple context mode)

* VPN (IPsec / SSL)

* Multicast Routing (Multicast bridging is supported)

* Threat Detection

In Summary VPN feature cannot be configured when running ASAs in active/active topology

Syed Iftekhar Ahmed

Gerard Gacusan
Level 1
Level 1

‎02-19-2009 02:49 PM

use active/standby instead if you'll implementing ipsec vpn in a failover scenario.

active/active is not supported so far...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card