Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
604
Views
0
Helpful
1
Replies

what is the best solution for RA VPN backup on asa?

spirtovoz
Level 1
Level 1

‎06-30-2010 01:38 PM

hi All,

i'm trying to choose between landing ra-vpn on active\stanby asa5510 pair and vpn load-balance feature.

if i'll choose failover pair then i'll have a problem with dynamic routing.

if i'll choose load-balance feature then i should solve problem with assymetric routing for outgoing traffic from the clients in local net. or may be i;m wrong?

please advise me.

Labels:
0 Helpful
1 Reply 1

Michael Dombek
Level 1
Level 1

‎07-05-2010 07:58 AM

Hi, both solutions would not cause problems

if i'll 
choose failover pair then i'll have a problem with dynamic routing.

If you're going Active / Passive you can have dynamic Routing - if you go Active / Active you can´t have VPN anyway so this is no solution 

if i'll 
choose failover pair then i'll have a problem with dynamic routing.

Afaik (sorry it´s been a while with load balancing) the client stays connected to the ASA that it connects first (persistent) and you can automaticaly redistribute a /32 route into your routing Process.

If you don´t like this option you can create different pools on your VPN ASAs and do some statice routing.

Hope I did not mix up to many facts - HTH you

cheers Michael

0 Helpful
Customers Also Viewed These Support Documents