08-12-2010 06:43 AM
Hi,
we want to configure our 2x ASA5520 to provide vpn-ssl access for our customers.
Is better to configure them as a VPN cluster in load balance or to setup them as a active/active cluster.
What are the difference between this 2 mode?
Thank you.
08-12-2010 07:38 AM
An active/standby failover cluster will provide for hardware redundancy but only one ASA will be active at any one time. A load balancing cluster will enable multiple member ASAs to service remote access VPN connection requests. The docs below cover both features in detail.
08-12-2010 07:41 AM
VPN load balancing does it have any firewall, NAT,.... limitations?
08-12-2010 08:03 AM
There are no limitations regarding firewall policies or NAT. You will, however, need to independently manage the overall configuration for each ASA in the cluster. For example, if you configure a custom WebVPN portal page, you will want to ensure that this same object is positioned and configured on all of the member ASAs so that the connecting users get the same experience.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide