Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2545
Views
5
Helpful
6
Replies

Configure VTI in Active/Active Scenario

umeshunited
Level 1
Level 1

‎06-21-2019 05:40 PM - edited ‎02-21-2020 09:14 AM

Will I be able to configure VTI on Active/Active ASA pair?

0 Helpful
6 Replies 6

GRANT3779
Spotlight
Spotlight

‎06-21-2019 10:02 PM

Hi,
This is currently supported on single context / routed mode only. With you mentioning active/active I'm assuming you're running multicontext.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-vti.html
0 Helpful

umeshunited
Level 1
Level 1
In response to GRANT3779

‎06-23-2019 08:18 AM

We were planning to move to Active/Active setup from Active/Standby setup.

But as I read Active/Active is only supported in multiple context mode.

And VTI is supported in only Single context mode.

If this is true I will not be able to configure VTI in Active/Active setup, right?

GRANT3779
Spotlight
Spotlight
In response to umeshunited

‎06-23-2019 11:19 AM

Yes that is correct.

0 Helpful

Sheraz.Salim
VIP
VIP
In response to umeshunited

‎06-23-2019 01:17 PM

 

Just make sure you are on 9.7 onward version of the ASA code. As VTI was introduce in 9.7 code here is the link in case you need it in regards to configurations

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/vpn-vti.pdf

please do not forget to rate.
0 Helpful

ziqex
Level 4
Level 4
In response to umeshunited

‎12-12-2019 02:01 AM

Are there any workarounds available to accomplish VTI tunnel in multiple contexts? 

Currently running 9.8.4. multiple context HA 5545.

I require it for umbrella setup. 

Thank you.

0 Helpful

umeshunited
Level 1
Level 1

‎06-25-2019 04:28 AM

In addition to this, is it possible to configure two tunnels using different ISPs and keep them active? Please find the attachment for the reference. (Assume ASA1 is active firewall).

In that, I want to keep tunnel to 1.1.1.1 and 3.3.3.3 active.

 

Preview file
16 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card