05-02-2014 12:01 PM
I have a pair of Asa 5520 running active standby failover. Can I use both these machines in a ssl vpn loadbalancing cluster?
Solved! Go to Solution.
05-03-2014 05:09 AM
No. When an active/standby pair is part of a VPN cluster, the standby unit is still standby - it won't be actively terminating end user sessions. Only the active (and non-failover) cluster members will be doing so.
05-03-2014 01:35 AM
Yes, a vpn-loadbalancing-cluster member can be a standallone unit or an A/S faoilover unit. It's also allowed that some members are FO and others are standalone.
You find more information on that in the config-guide: http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_params.html#wp1048834
05-03-2014 01:52 AM
05-03-2014 05:09 AM
No. When an active/standby pair is part of a VPN cluster, the standby unit is still standby - it won't be actively terminating end user sessions. Only the active (and non-failover) cluster members will be doing so.
05-03-2014 07:18 AM
And if it's more about scalability for more peers, then you can run a VPN-cluster with just two ASAs.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: