Load Balancing VPN traffic

Answered Question
Jan 6th, 2010
User Badges:

Hi all,


Id like to install  two ASA5540s in an active active configuration. Im not gonna use security contexts because it is said that VPN is not supported in this mode. So I will setup a Cisco CSS in front of these two ASAs. In this configuration, guess I have to install both ASAs as standadlone boxes and will have to configıure them seperately, right ?


Is there any way to configure both of these ASAs simultaneously through one ASDM GUI ?


Thanks in advance

Correct Answer by Joe B Danford about 7 years 6 months ago

You will need to configure the ASAs as standalone for this. You can use ASDM to manage more than one device in a seperate instance if that makes sense.


Why not use ASA VPN Load Balancing with no CSS needed? This will distrbute the load and is also scalable should you add more devices in the future. Here is a link on it


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpnsysop.html#wp1048834


Thanks,


Joe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Joe B Danford Wed, 01/06/2010 - 12:39
User Badges:
  • Cisco Employee,

You will need to configure the ASAs as standalone for this. You can use ASDM to manage more than one device in a seperate instance if that makes sense.


Why not use ASA VPN Load Balancing with no CSS needed? This will distrbute the load and is also scalable should you add more devices in the future. Here is a link on it


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpnsysop.html#wp1048834


Thanks,


Joe

dumlutimuralp Wed, 01/06/2010 - 12:43
User Badges:

Hi,


thanks a lot. In fact Ive been going through the same subject that you mentioned.


About your answer using ADSM, what if I change like many VPN groups on ASA#1 and would like to have ASA# receive those config changes automatically ? (No way ? right   , have to configure everything twice ?)

Actions

This Discussion