Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
262
Views
0
Helpful
1
Replies

Combining SSL and Site-to-Site VPN configuration

webmastadj
Level 1
Level 1

‎06-03-2014 11:29 AM

Hello,

I have a simple question, what is the disadvantage, if any, for combining SSL VPN and site-to-site VPNs on a single unit?  We are looking to consolidate and would like to see if anyone has had any troubles with consolidating both of these on a single unit.  We currently have around 200+ site-to-site tunnels and around 10,000 Anyconnect VPN users.

Thanks.

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-03-2014 12:04 PM

Assuming your hardware is sized to accommodate the load, there's no technical reason why you cannot combine them. (Also assuming you're not terminating your site-site VPNs on a multi-context mode firewall since remote access VPN isn't supported for those.)

The more common reason I see is to distribute across units is to lessen the operational risk and impact - i.e. if something goes wrong it only affects one type of connection or a subset of your users.

One other thing is that remote access VPNs of that size are sometimes supported via use of a VPN cluster while remote access VPNs don't support VPN cluster technology per se.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents