Solved: AnyConnect VPN Cluster between 2 ASAs

fsebera · ‎04-14-2016

We plan to only have 2 members in our AnyConnect VPN cluster (total 50 users) on two Cisco 5516-X firewalls.

Our external and internal switches are not setup to support jumbo frames (we CANNOT reboot these switches to enable the jumbo frame feature) - Since we will only have 2 members in our cluster our plan is to connect the CCL directly between the 2 ASAs.

Is there any issue with this decision?

Thanks

Frank

Marius Gunnerud · ‎04-14-2016

There should not be an issue connecting the CCL link directly to the other ASA, this just needs communication between the ASAs so the Master can update the Slave regarding established connections, etc.

The only issue here would be scalability, but if you are 100% sure that you will not need to add more ASAs to the cluster.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Marius Gunnerud · ‎04-14-2016

There should not be an issue connecting the CCL link directly to the other ASA, this just needs communication between the ASAs so the Master can update the Slave regarding established connections, etc.

The only issue here would be scalability, but if you are 100% sure that you will not need to add more ASAs to the cluster.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

fsebera · ‎04-14-2016

99.99% sure, at lease for the next couple of years!

Thank you

Frank