Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 9.X features

If I have a pair of ASA 5585-X with SSP 20 in HA (Active/Active), with 9.X code:

1. My understanding is the licenses (VPN, SSL, enable 10G i/o) are not shared and we'll need 2 license counts for the HA cluster.

2.          Does L2L IPSec VPN failover between the Active Active pair?

3.          Does Remote Access Anyconnect SSL VPN failover between the Active Active pair?

This document (http://www.cisco.com/en/US/docs/security/asa/asa90/release/notes/asarn90.html#wp684764) says Site to Site VPN and dynamic routing in multiple context mode is supported. Isn't it true that for multiple contexts, you have to run the ASA in Active Active? So that being said, L2L VPNs can failover across the cluster and dynamic routing is supported in A/A right?

Thank you.

Everyone's tags (5)
1 REPLY
Bronze

ASA 9.X features

Hi,

1) According to licensing rules yes, search for "asa licensing", there are several detailed documents.

2) This is true according to the feature descriptions, never tried it myself

3) I'm afraid not yet, RA VPN is not on the feature list for active/active AFAIK

The rest:

It's the other way round: for active/active you have to run multiple context but you can run multiple context without a/a failover.

The last sentence is correct according to the feature descriptions.

286
Views
0
Helpful
1
Replies