Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

High Availability Best Practice

I have been looking for a best practice document for HA for a pair of Cisco ASA 5520 supporting AnyConnect client VPNs.

I had a HA pair of 5520s configured as a HA cluster pair in my primary datacenter, I have taken one of them and moved it to my backup datacenter for disaster recovery purposes......just trying to find out if there is something I can do to better position these for redundancy. Right now my plan is if we have an internet outage or the primary ASA fails we will direct our users to point their client to the backup ASA URL (changing the public DNS alias would work also but would be problematic with caching/DNS propagation/etc.).

My other alternative is to purchase an additional ASA and build the HA cluster in my primary DC.

Thanks....Jeff

4 REPLIES
Community Member

High Availability Best Practice

Hall of Fame Super Silver

High Availability Best Practice

As noted in the link Ilya provided, a Backup Server list in the profile is the way to go with geo-diverse VPN servers. You will need to make sure the profile (XML file) is manually synchronized between the two ASAs

Community Member

High Availability Best Practice

Thank you both for your responses! This will definately help.

Hall of Fame Super Silver

High Availability Best Practice

You're welcome.

Please rate responses according to their usefulness.

327
Views
0
Helpful
4
Replies
CreatePlease to create content