what is the best solution for RA VPN backup on asa?

Unanswered Question
Jun 30th, 2010

hi All,

i'm trying to choose between landing ra-vpn on active\stanby asa5510 pair and vpn load-balance feature.

if i'll choose failover pair then i'll have a problem with dynamic routing.

if i'll choose load-balance feature then i should solve problem with assymetric routing for outgoing traffic from the clients in local net. or may be i;m wrong?

please advise me.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Michael Dombek Mon, 07/05/2010 - 07:58

Hi, both solutions would not cause problems

if i'll 
choose failover pair then i'll have a problem with dynamic routing. 

If you're going Active / Passive you can have dynamic Routing - if you go Active / Active you can´t have VPN anyway so this is no solution

if i'll 
choose failover pair then i'll have a problem with dynamic routing. 

Afaik (sorry it´s been a while with load balancing) the client stays connected to the ASA that it connects first (persistent) and you can automaticaly redistribute a /32 route into your routing Process.

If you don´t like this option you can create different pools on your VPN ASAs and do some statice routing.

Hope I did not mix up to many facts - HTH you

cheers Michael

Actions

This Discussion