cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1067
Views
8
Helpful
5
Replies

vpn concentrator load balancing

suthomas1
Level 6
Level 6

Hello,

We have two 3000 vpn concentrators. Under both of  their load balancing fields, Configuration - Load balancing , the checkbox for loadbalancing is enabled.

However both have different priorities, one with 10 and other with 1. Does this mean both are actually loadbalancing. What does the priorities indicate here?

If we replace the concentrators with ASA , how will this load balancing need to be configured on ASA & how will it work.

Thanks.

1 Accepted Solution

Accepted Solutions

1. Yes you can, and here is the configuration guide for load balancing on ASA:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_params.html#wp1048834

2. Assuming that you would want to use the ACS to authenticate VPN Client user? Here is the configuration guide:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008080f2d1.shtml

Hope that helps.

View solution in original post

5 Replies 5

Jennifer Halim
Cisco Employee
Cisco Employee

Priorities only indicate which becomes the Master at startup, however they are still performing load balancing.

here is more information on load balancing priorities on VPN Concentrator for your reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094b4a.shtml#cg

Hope that helps.

Thanks Jennifer. Few more queries:

1. Is it possible to configure similar load balancing across new two ASA's for remote ipsec vpn

If so, how can it be done.

2. How do i integrate the new ASA's with the ACS. What process does this involve.

Please help.

1. Yes you can, and here is the configuration guide for load balancing on ASA:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_params.html#wp1048834

2. Assuming that you would want to use the ACS to authenticate VPN Client user? Here is the configuration guide:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008080f2d1.shtml

Hope that helps.

Thanks Jennifer.

What is the main differentiation between an Active/Active asa setup and load balancing setup for VPN.

Isn't both serve the same goal.

ASA Active/Active failover is to provide failover for multiple context firewalls within 1 physical firewall.

Eg: you can have context A and context B active on ASA-1, and context C and context D active on ASA-2, and if either of them fail, they can failover to the respective ASA.

However, Active/Active failover does not support VPN, it's purely for firewall context functionality.

If your ASA is purely for VPN, then you would need to setup VPN load balancing.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: