Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Active/Active or VPN Cluster

Greetings,

We have two ASA's that will be used for VPN access. Initially only IPSec connections but eventually, we'll be using the SSL Web connections as well. I was curious which failover configuration would be more appropriate. Active/Active or the VPN Load Balancing Cluster. I was thinking the VPN cluster since they will not be used as firewalls but wasn't sure.

Thanks for any input.

4 REPLIES

Re: ASA Active/Active or VPN Cluster

Have in mind that to have active active failover you need to have security contexts enabled on your ASA devices, and at the moment multiple firewall is enabled (contexts) VPN features are removed from the ASA.

New Member

Re: ASA Active/Active or VPN Cluster

So if I am understand what you are saying correctly, I cannot use Active/Active while using remote VPN. I'd have to use the VPN Load Balancing to utilize fault tolerance. Is this correct?

Re: ASA Active/Active or VPN Cluster

You can certainly use active/standby failover along with vpn, or you can use vpn load balance it is up to your design, what you can't use is active active failover

New Member

Re: ASA Active/Active or VPN Cluster

Yeah I was looking at Active/Standby but my boss feels that if we are using it for VPN (IPSec and SSL) he thought one unit may be doing too much and would rather have some type of load balancing in place. So it seems the VPN cluster may be the best option.

366
Views
0
Helpful
4
Replies
CreatePlease login to create content