Load Balancing ASA question - which IP do I direct clients too?

Answered Question
May 21st, 2010
User Badges:

I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.


Thanks,

Justin

Correct Answer by Jon Marshall about 6 years 10 months ago

jickfoo wrote:


I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.


Thanks,

Justin


Justin


You need to use the cluster IP address. If you used the actual address of the firewall outside interfaces then you wouldn't get load-balancing.


Jon

Correct Answer by hdashnau about 6 years 10 months ago

That's correct. You should have the VPN connect to the LB cluster IP, not the individual IP addresses. The master ASA will listen for the connection requests to the LB Cluster IP and based on load either accept the connection or automatically redirect it to one of the standby ASAs in the cluster. This should all be transparent to the VPN user connecting.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (4 ratings)
Loading.
Correct Answer
hdashnau Fri, 05/21/2010 - 12:28
User Badges:
  • Cisco Employee,

That's correct. You should have the VPN connect to the LB cluster IP, not the individual IP addresses. The master ASA will listen for the connection requests to the LB Cluster IP and based on load either accept the connection or automatically redirect it to one of the standby ASAs in the cluster. This should all be transparent to the VPN user connecting.

Correct Answer
Jon Marshall Fri, 05/21/2010 - 12:37
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

jickfoo wrote:


I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.


Thanks,

Justin


Justin


You need to use the cluster IP address. If you used the actual address of the firewall outside interfaces then you wouldn't get load-balancing.


Jon

Jon Marshall Fri, 05/21/2010 - 12:47
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Out of interest, why was this rated as not helpful ?


Jon

Actions

This Discussion