I have been looking for a best practice document for HA for a pair of Cisco ASA 5520 supporting AnyConnect client VPNs.
I had a HA pair of 5520s configured as a HA cluster pair in my primary datacenter, I have taken one of them and moved it to my backup datacenter for disaster recovery purposes......just trying to find out if there is something I can do to better position these for redundancy. Right now my plan is if we have an internet outage or the primary ASA fails we will direct our users to point their client to the backup ASA URL (changing the public DNS alias would work also but would be problematic with caching/DNS propagation/etc.).
My other alternative is to purchase an additional ASA and build the HA cluster in my primary DC.
As noted in the link Ilya provided, a Backup Server list in the profile is the way to go with geo-diverse VPN servers. You will need to make sure the profile (XML file) is manually synchronized between the two ASAs
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...