Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Load Balancing ASA question - which IP do I direct clients too?

I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.

Thanks,

Justin

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Load Balancing ASA question - which IP do I direct clients t

That's correct. You should have the VPN connect to the LB cluster IP, not the individual IP addresses. The master ASA will listen for the connection requests to the LB Cluster IP and based on load either accept the connection or automatically redirect it to one of the standby ASAs in the cluster. This should all be transparent to the VPN user connecting.

Hall of Fame Super Blue

Re: Load Balancing ASA question - which IP do I direct clients t

jickfoo wrote:

I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.

Thanks,

Justin

Justin

You need to use the cluster IP address. If you used the actual address of the firewall outside interfaces then you wouldn't get load-balancing.

Jon

3 REPLIES
Cisco Employee

Re: Load Balancing ASA question - which IP do I direct clients t

That's correct. You should have the VPN connect to the LB cluster IP, not the individual IP addresses. The master ASA will listen for the connection requests to the LB Cluster IP and based on load either accept the connection or automatically redirect it to one of the standby ASAs in the cluster. This should all be transparent to the VPN user connecting.

Hall of Fame Super Blue

Re: Load Balancing ASA question - which IP do I direct clients t

jickfoo wrote:

I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.

Thanks,

Justin

Justin

You need to use the cluster IP address. If you used the actual address of the firewall outside interfaces then you wouldn't get load-balancing.

Jon

Hall of Fame Super Blue

Re: Load Balancing ASA question - which IP do I direct clients t

Out of interest, why was this rated as not helpful ?

Jon

277
Views
5
Helpful
3
Replies
CreatePlease to create content