Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

IPSec support for Active/Active config on ASA

Hi,

I was going through the link for help on configuring failover for multiple contexts & came across a strange statement. Can someone pls help clarify this, "When the security appliance is configured for Active/Active stateful failover, you cannot enable IPSec or SSL VPN. Therefore, these features are unavailable. VPN failover is available for Active/Standby failover configurations only".

Here is the link:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html

thanks

BVS

2 REPLIES
New Member

Re: IPSec support for Active/Active config on ASA

It is as it says. If you are running active active you cannot terminate VPN traffic wheras if you are in active/standby you can.

Silver

Re: IPSec support for Active/Active config on ASA

If you want Active/Active...Active firewall

that can also terminate VPN and/or ssl VPN,

checkpoint can do that.

Even with Cisco ASA in Active/Active, it is not

really Active/Active. It is similar to IOS

HSRP but not as flexible as HSRP.

CCIE security

395
Views
0
Helpful
2
Replies
CreatePlease to create content