Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

load balance MASTER does not accept VPN request ?

I have three ASA running as a cluster to accept VPN request, but I noticed recently the MASTER does not take any VPN session only the two backup ASA doing load balance?

Tried reboot still no change?

Any idea

Public IP Role Pri Model IPSec SSL IPSec SSL

---------------------------------------------------------------------------

* x.x.x.1 Master 1 ASA-5550 0 0 0 1

x.x.x.2 Backup 2 ASA-5550 0 0 2 3

x.x.x.3 Backup 3 ASA-5550 0 0 2 3

Thanks

2 REPLIES
Silver

Re: load balance MASTER does not accept VPN request ?

I looked in the ASA documentation and could not find a specific reference, but I know that when clustering VPN concentrators the cluster master always has fewer sessions because of its additional responsibility to manage the sessions between cluster members. It looks like the ASA cluster configuration works similarly.

I think once you get a higher volume of VPN sessions you will see the cluster master start to take on sessions, but it will have a lower percentage of total sessions than the other members.

New Member

Re: load balance MASTER does not accept VPN request ?

Your explanation is exactly same like Cisco TAC. The TAC said if backup load goes up to 5%, then the Master start taking session.

Thank you.

154
Views
0
Helpful
2
Replies
CreatePlease to create content