Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5520 load sharing vpn

Hi,

we want to configure our 2x ASA5520 to provide vpn-ssl access for our customers.

Is better to configure them as a VPN cluster in load balance or to setup them as a active/active cluster.

What are the difference between this 2 mode?

Thank you.

3 REPLIES

Re: ASA5520 load sharing vpn

An active/standby failover cluster will provide for hardware redundancy but only one ASA will be active at any one time.  A load balancing cluster will enable multiple member ASAs to service remote access VPN connection requests.  The docs below cover both features in detail.

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/ha_active_standby.html

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/vpnsysop.html#wp1048834

New Member

Re: ASA5520 load sharing vpn

VPN load balancing does it have any firewall, NAT,.... limitations?

Re: ASA5520 load sharing vpn

There are no limitations regarding firewall policies or NAT.  You will, however, need to independently manage the overall configuration for each ASA in the cluster.  For example, if you configure a custom WebVPN portal page, you will want to ensure that this same object is positioned and configured on all of the member ASAs so that the connecting users get the same experience.

224
Views
0
Helpful
3
Replies