Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Load-balancing/Cluster and the VPNs

Hi all,

I read everything and it's opposite about ASA in cluster/load-balancing mode and how they handle SSL VPN, client IPSec VPN, Site-to-site VPN...

Someone can clarify to me the situation? Can we do Client SSL & IPSec VPN on a ASA cluster?

Site-to-site VPN can't participate to the load-balancing, how is handle the site-to-site VPN (only by the cluster master - in his real ip or can we use cluster IP anyway for site-to-site VPN?

In a ASA cluster, to do site-to-site VPN, can we use the real outside IP of the master?

Thanks in advance.

New Member

Re: ASA Load-balancing/Cluster and the VPNs

Bump! nobody really?

Cisco Employee

Re: ASA Load-balancing/Cluster and the VPNs

Yes. ASA can load balance remote access VPN (IP

sec, Clientless VPN, and Client SSL VPN). Site-to-Site and L2TP/IPSec don't participate in LB algorithm.

You mus use the real IP of the the ASA for Site-to-Site and L2TP/IPsec sessions. It can be the real IP of the master ASA or any of the cluster.