07-22-2013 08:17 AM
I have been looking for a best practice document for HA for a pair of Cisco ASA 5520 supporting AnyConnect client VPNs.
I had a HA pair of 5520s configured as a HA cluster pair in my primary datacenter, I have taken one of them and moved it to my backup datacenter for disaster recovery purposes......just trying to find out if there is something I can do to better position these for redundancy. Right now my plan is if we have an internet outage or the primary ASA fails we will direct our users to point their client to the backup ASA URL (changing the public DNS alias would work also but would be problematic with caching/DNS propagation/etc.).
My other alternative is to purchase an additional ASA and build the HA cluster in my primary DC.
Thanks....Jeff
07-22-2013 11:31 AM
Hi,
I'm not quite experienced in anyconnect, but may be this helps:
07-22-2013 12:32 PM
As noted in the link Ilya provided, a Backup Server list in the profile is the way to go with geo-diverse VPN servers. You will need to make sure the profile (XML file) is manually synchronized between the two ASAs
07-23-2013 05:00 AM
Thank you both for your responses! This will definately help.
07-23-2013 07:54 AM
You're welcome.
Please rate responses according to their usefulness.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: