ASA SSL VPN - Dynamic Failover

Unanswered Question
Mar 13th, 2010
User Badges:

I have few questions related to design of a SSL VPN solution using ASA. I have four data centers -  Chicago, New York, London,and  Hong Kong.Design should be such that user should automatically connects to the nearest data center depending upon his/her location. So, if a user is in America, it should connect to New York Data center and if user is in China it should connect to Hong Kong. Also, Chicago is to be used as backup for other three data centers, ie if a user in China is unable to connect to Hong Kong it should automatically fail back to Chicago.  What Options would you suggest and is this even possible? I am thinking of ACE and Global site selectors but not exactly sure. Your help is appreciated.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Herbert Baerten Sun, 03/14/2010 - 08:37
User Badges:
  • Cisco Employee,


if you are referring to SSL client (Anyconnect), then version 2.5 will have a new feature "Optimal Gateway Selection". This version is expected 'soon'.

If you mean clientless webvpn, then I guess you'll indeed need to use an external load balancer. To be honest I have no idea how those work so you may want to ask more info in the Data Center forum.



pagrawal31 Sun, 03/14/2010 - 18:58
User Badges:

I am looking for both client (Anyconnect) and clientless solution. If Optimal Gateway Selection feature is not included in version 2.4 of the client what are other options to achieve this?


This Discussion