It says "Note: VPN failover is not supported on units that run in multiple context mode. VPN failover is available for Active/Standby Failover configurations only."
Active/Active requires multiple contexts. Therefore, VPN Failover will not work in Active/Active. But it does not say anything about VPN clustering or load balancing. Which is the functionality I believe he meant. VPN Clustering is covered here:
Re: ASA VPN loadbalancing and Firewall failover question
Confirmed and tested
You can not do VPN load balancing if you have failover enabled. If VPN load balancing is enabled and then you enable failover, VPN load balancing databases loses the standby peer.
The following statement in cisco's ASA config guide is NOT true:
"The security appliance also provides load balancing, which is different from failover. Both failover and load balancing can exist on the same configuration."
And I'm sure they are referring to VPN load balancing and not to Active/Active load balancing, because the URL link after that statement goes directly to the VPN load balancing section of the ASA configuration guide
This means that if a customer wants to get a pair of ASAs for firewalls and also wants to use SSL VPN, he must buy twice as many SSL VPN licenses. The only other way is to get a second pair of ASAs just for VPN.
I've asked many cisco folks about this and no one seems to know when this licensing issue is going to get resolved. Many of my customers shy away from SSL VPN just because of this issue.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :