Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

active/active ASA 8.3 with VPN

I was wondering if I can do an active/active setup and still use Remote Access IPSEC VPN's with two ASA 5550's. I hear that you can't but if that is true are there any workarounds? I don't care if the VPN tunnels don't failover, I just want it so that if one ASA fails over then the other one will pick up for regular traffic, but for VPN I don't care if it just uses one ASA or the other as long as it can use one of them should one ASA fail.



Re: active/active ASA 8.3 with VPN

For Active/Active, you need to enable multiple contexts. You need to make some contexts active at one ASA & remaining contexts active on the other ASA.

Multiple context mode does not support these features:

* Dynamic routing protocols ( only static routes. You cannot enable OSPF or RIP in multiple context mode)

* VPN (IPsec / SSL)

* Multicast Routing (Multicast bridging is supported)

* Threat Detection

In Summary VPN feature cannot be configured when running ASAs in active/active topology

Syed Iftekhar Ahmed

New Member

Re: active/active ASA 8.3 with VPN

use active/standby instead if you'll implementing ipsec vpn in a failover scenario.

active/active is not supported so far...