load balance MASTER does not accept VPN request ?

Unanswered Question
Oct 29th, 2009

I have three ASA running as a cluster to accept VPN request, but I noticed recently the MASTER does not take any VPN session only the two backup ASA doing load balance?

Tried reboot still no change?

Any idea

Public IP Role Pri Model IPSec SSL IPSec SSL


* x.x.x.1 Master 1 ASA-5550 0 0 0 1

x.x.x.2 Backup 2 ASA-5550 0 0 2 3

x.x.x.3 Backup 3 ASA-5550 0 0 2 3


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
slmansfield Thu, 10/29/2009 - 10:13

I looked in the ASA documentation and could not find a specific reference, but I know that when clustering VPN concentrators the cluster master always has fewer sessions because of its additional responsibility to manage the sessions between cluster members. It looks like the ASA cluster configuration works similarly.

I think once you get a higher volume of VPN sessions you will see the cluster master start to take on sessions, but it will have a lower percentage of total sessions than the other members.

rico_hao40 Wed, 11/11/2009 - 11:18

Your explanation is exactly same like Cisco TAC. The TAC said if backup load goes up to 5%, then the Master start taking session.

Thank you.


This Discussion