what is the best solution for RA VPN backup on asa?

Unanswered Question
Jun 30th, 2010
User Badges:

hi All,


i'm trying to choose between landing ra-vpn on active\stanby asa5510 pair and vpn load-balance feature.


if i'll choose failover pair then i'll have a problem with dynamic routing.

if i'll choose load-balance feature then i should solve problem with assymetric routing for outgoing traffic from the clients in local net. or may be i;m wrong?


please advise me.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Michael Dombek Mon, 07/05/2010 - 07:58
User Badges:

Hi, both solutions would not cause problems


if i'll 
choose failover pair then i'll have a problem with dynamic routing. 

If you're going Active / Passive you can have dynamic Routing - if you go Active / Active you can´t have VPN anyway so this is no solution


if i'll 
choose failover pair then i'll have a problem with dynamic routing. 

Afaik (sorry it´s been a while with load balancing) the client stays connected to the ASA that it connects first (persistent) and you can automaticaly redistribute a /32 route into your routing Process.

If you don´t like this option you can create different pools on your VPN ASAs and do some statice routing.


Hope I did not mix up to many facts - HTH you


cheers Michael

Actions

This Discussion