Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Query on Backup server listing for RA VPN servers

Hi All,

Basic query on backup servers list for RA VPN servers.

with the command: backup-servers <server list/keep-client-config> options..

Lets say if I have the ASA to push backup servers to RA client when connects. What happens second time when the cleint tries to connect and primary server is not available..? Does the client tries to look for backup server IP pushed during the first time or the backup server list will be pushed everytime client tries to connect..?

In general what is recomended..? Any security related issues if we roll the clients with backup server and on primary use 'Keep-client-config'

Please suggest. Thank you in advance


Community Member

Re: Query on Backup server listing for RA VPN servers

To configure backup servers, use the backup-servers command in group-policy configuration mode. To remove a backup server, use the no form of this command. To remove the backup-servers attribute from the running configuration, use the no form of this command without arguments. This enables inheritance of a value for backup-servers from another group policy.IPSec backup servers let a VPN client connect to the central site when the primary security appliance is unavailable. When you configure backup servers, the security appliance pushes the server list to the client as the IPSec tunnel is established.

keep-client-config - Specifies that the security appliance sends no backup server information to the client. The client uses its own backup server list, if configured.

CreatePlease to create content