cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3046
Views
0
Helpful
17
Replies

ASA Active Active

navypop42
Level 1
Level 1

Can I have Vpn lan to lan tunnels with an active active configuration on

a pair of Cisco 5520's.

17 Replies 17

Collin Clark
VIP Alumni
VIP Alumni

You can, but you must go to the physical interface IP and not the virtual.

Hope that helps.

Nope, when running in multiple context mode VPN is not supported.

Br Jimmy

There is no mention of multiple contexts.

"Active active" implies multi-context.

Yes jilahbg

is right you cannot have VPN or Dynamic routing in an enviroment with multiple context. Failover A/A requires Multiple context

No it doesn't. I'm running an active/active pair w/o contexts.

Do you have one or 2 physical units? How does the output of "show failover" (or is it "show standby") look like?

+1

I have configured 2 Cisco 5520 ASA's with active active and the main device

is up and the backup

is just in standby.

Thank You

Bill Murray

315-435-4768

315-264-9152

From: jilahbg

To: William Murray

Date: 02/11/2010 03:39 PM

Subject: New message: "ASA Active

Active"

navypop42,

A new message was posted in the Discussion thread "ASA Active Active":

https://supportforums.cisco.com/message/3017505#3017505

Author : jilahbg

Profile : https://supportforums.cisco.com/people/jilahbg

Message:

Ok. What you have is an active/passive-configuration. Since the second unit is "just in standby" its not really active.

Since one context can never be active in two units simultanously there is no way to "load-share" in that setup. The only way to balance the load between multiple hardwares is to have multiple context and spread the active-unit for each context over the hardwares.

I personally dont like Cisco calling it "active/active". It is what I define as sales b*llsh*t. :-)

Br Jimmy

Yes this is not being built as a load share but hot spare.

Thank You

Bill Murray

315-435-4768

315-264-9152

From: jilahbg

To: William Murray

Date: 02/11/2010 04:06 PM

Subject: New message: "ASA Active

Active"

navypop42,

A new message was posted in the Discussion thread "ASA Active Active":

https://supportforums.cisco.com/message/3017585#3017585

Author : jilahbg

Profile : https://supportforums.cisco.com/people/jilahbg

Message:

Well guys.

If you have 2 multiple context you can have 1 contect  active in an ASA and the another one active in the another ASA. So you will have them both active.!!!!!

Diecocambronero: What you describes is a multi-context-configuration which do NOT support site-2-site-vpn.

This blogg text describes all possible scenarios:

http://blogg.kvistofta.nu/cisco-asa-activeactive-failover/

Br Jimmy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: