Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

AnyConnect failover

Hi,

I am building a AnyConnect IPSec solution, and have a question about backup servers.  I understand that if I input the details of my backup link, then in the event of a failure at the primary this will be used.  My question is more about capacity.

As you can see I have a primary and backup link.  Now they terminate into two separate DMZs, which don't have direct layer2/3 connectivity.  So I am aiming to create the same profile on both ASAs, with a Primary, and Backup server defined.  Now potentially I have more users, than I can licence on a single ASA, so if that is full, will that be seen as not available to new clients, so they then are forced to connect to the backup site?

So what needs to happen for clients to use the backup link?

Thanks in advance,

Mike.

2 REPLIES
VIP Green

AnyConnect failover

Hi,

What type of failover are we talking here? Active/Active, Active/Standby?   In either of these two you would run into issues as a failover will not occure unless there is a link failure.  The Active Active should run fine until a failover occurs or you again go over the licensed user limit as you could have the option of splitting the traffic between the two ASAs. Active Standby would not help at all if you have more users than that the license permits.

You could configure your ASAs in a cluster, but that would require ASA5585-X and a specific license for clustering. If you have that then you dont have a limit on the number of users anyway.

Your best option is to upgrade your ASA licenses to support unlimited users.

--

Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
New Member

Re:AnyConnect failover

You can load balance VPN connections on the ASA.


Sent from Cisco Technical Support Android App

224
Views
0
Helpful
2
Replies
CreatePlease to create content