08-20-2008 06:42 AM
Does anyone know if you can put two 5510 ASAs together for both load balacing and failover?
08-20-2008 07:35 AM
You can have Failover (in Active/Active) for Load sharing mode.
But on the ASA5510, you need to go for Security Plus license for the Failover feature.
08-20-2008 08:00 PM
Thank you.
08-22-2008 08:28 AM
I think he was asking if you can do failover and VPN load balancing at the same time
08-22-2008 01:40 PM
Confirmed and tested
You can not do VPN load balancing if you have failover enabled. If VPN load balancing is enabled and then you enable failover, VPN load balancing databases loses the standby peer.
The following statement in cisco's ASA config guide is NOT true:
"The security appliance also provides load balancing, which is different from failover. Both failover and load balancing can exist on the same configuration."
And I'm sure they are referring to VPN load balancing and not to Active/Active load balancing, because the URL link after that statement goes directly to the VPN load balancing section of the ASA configuration guide
This means that if a customer wants to get a pair of ASAs for firewalls and also wants to use SSL VPN, he must buy twice as many SSL VPN licenses. The only other way is to get a second pair of ASAs just for VPN.
I've asked many cisco folks about this and no one seems to know when this licensing issue is going to get resolved. Many of my customers shy away from SSL VPN just because of this issue.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: