Confirmed and tested
You can not do VPN load balancing if you have failover enabled. If VPN load balancing is enabled and then you enable failover, VPN load balancing databases loses the standby peer.
The following statement in cisco's ASA config guide is NOT true:
"The security appliance also provides load balancing, which is different from failover. Both failover and load balancing can exist on the same configuration."
And I'm sure they are referring to VPN load balancing and not to Active/Active load balancing, because the URL link after that statement goes directly to the VPN load balancing section of the ASA configuration guide
This means that if a customer wants to get a pair of ASAs for firewalls and also wants to use SSL VPN, he must buy twice as many SSL VPN licenses. The only other way is to get a second pair of ASAs just for VPN.
I've asked many cisco folks about this and no one seems to know when this licensing issue is going to get resolved. Many of my customers shy away from SSL VPN just because of this issue.
