
SSL VPN through CSS and ASA VPN Load Balancing Logic?

dumlutimuralp
Level 1

Hi all,

We have two ASA5540s. ASA#1 has 5000 IPSEC and 500 SSL licenses. ASA#2 has only a 5000 IPSEC license.

We enabled VPN load balancing on both boxes. They see each other in terms of VPN load balancing configuration.

The problem is, ASA#1 is the master in the cluster. It does not have any VPN sessions on it. When we try to initiate the first IPSEC VPN connection into the cluster IP, ASA#1 automatically redirects us to ASA#2.

Does anyone have an explanation of the VPN load balancing algorithm of the Cisco ASA?

One more question: is it OK if we load balance SSL VPN (AnyConnect clients) through a Cisco CSS? The customer prefers not to purchase SSL certificates for all IP addresses in the cluster.

Thanks in advance.

1 Reply

dumlutimuralp
Level 1

Hi all,

I have found my answer through a search. Here is the logic:

Load is calculated by a % of user load. There is no preference to stick to box A or box B; this is the only factor taken into consideration. If you would like to have the user load % increase faster on a device, you will want to tune down the max # of users it can support. It takes 50 users to equal 1% load if you are configured to support the full 5K users.
