SSL VPN through CSS and ASA VPN Load Balancing Logic?
We have two ASA5540s. ASA#1 has 5000 IPSEC and 500 SSL licenses. ASA#2 has only the 5000 IPSEC license.
We enabled VPN load balancing on both boxes. They see each other in terms of VPN load balancing configuration.
The problem is, ASA#1 is master in the cluster. It does not have any VPN sessions on it. When we try to initiate the first IPSEC VPN connection into the cluster IP, ASA#1 automatically redirects us to ASA#2.
Does anyone have an explanation of the VPN load balancing algorithm of the Cisco ASA?
One more question: is it OK if we load balance SSL VPN (AnyConnect clients) through a Cisco CSS? The customer prefers not to purchase SSL certificates for all IP addresses in the cluster.
Re: SSL VPN through CSS and ASA VPN Load Balancing Logic?
I have found my answer through a search. Here is the logic:
Load is calculated as a % of user load. There is no preference to stick to box A or box B; this is the only factor taken into consideration. If you would like to have the user load % increase faster on a device, you will want to tune down the max # of users it can support. It takes 50 users to equal 1% load if you are configured to support the full 5K users.