We got two ASA5540s. ASA#1 has 5000 IPSEC and 500 SSL license. ASA#2 has only 5000 IPSEC license.
We enabled VPN load balancing on both boxes. They see each other in terms of VPN load balancing configuration.
The problem is that ASA#1 is the master in the cluster. It does not have any VPN sessions on it. When we try to initiate the first IPSEC VPN connection into the cluster IP, ASA#1 automatically redirects us to ASA#2.
Does anyone have an explanation of the VPN load balancing algorithm of the Cisco ASA?
One more question: is it OK if we load balance SSL VPN (AnyConnect clients) through a Cisco CSS? The customer prefers not to purchase SSL certificates for all IP addresses in the cluster.
Thanks in advance.