Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1419
Views
0
Helpful
2
Replies

ASA Load-balancing/Cluster and the VPNs

malik.boukraa
Level 1
Level 1

‎08-22-2009 06:41 AM

Hi all,

I read everything and it's opposite about ASA in cluster/load-balancing mode and how they handle SSL VPN, client IPSec VPN, Site-to-site VPN...

Someone can clarify to me the situation? Can we do Client SSL & IPSec VPN on a ASA cluster?

Site-to-site VPN can't participate to the load-balancing, how is handle the site-to-site VPN (only by the cluster master - in his real ip or can we use cluster IP anyway for site-to-site VPN?

In a ASA cluster, to do site-to-site VPN, can we use the real outside IP of the master?

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

malik.boukraa
Level 1
Level 1

‎09-06-2009 09:30 AM

Bump! nobody really?

0 Helpful

Nelson Rodrigues
Cisco Employee
Cisco Employee

‎12-09-2009 10:42 AM

Yes. ASA can load balance remote access VPN (IP

sec, Clientless VPN, and Client SSL VPN). Site-to-Site and L2TP/IPSec don't participate in LB algorithm.

You mus use the real IP of the the ASA for Site-to-Site and L2TP/IPsec sessions. It can be the real IP of the master ASA or any of the cluster.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents