cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1566
Views
0
Helpful
17
Replies
navypop42
Beginner

ASA Active Active

Can I have Vpn lan to lan tunnels with an active active configuration on

a pair of Cisco 5520's.

17 REPLIES 17

Well, I'm not taking about VPN I.m taking about having 1 context active in an ASA and the another one in the another ASA.

http://www-uk.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#lanbas

You said that this method is not really active/active. But if we can have a context active in each ASA what would that be?

1. VPN is not supported in multiple context. http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1146747

2. For active/active configuration, multiple context is minimum requirement. You can have a few contexts active in the primary firewall and a few other contexts active on the secondary firewall.  This way you can use both the pieces of hardware at the same time and one doesn't have to be sitting there idle waiting for the other one to fail.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_active.html#wp1065051

-KS

The scope of this thread is VPN-functionality in active/active. That is not possible.

Your scenario with multiple contexts balanced over dual hardware is what Cisco calls active/active. I´ve never said the opposite.

Whatever, I think we all agree now on what is possible and not. Otherwise, please have a look at my blog post: http://blogg.kvistofta.nu/cisco-asa-activeactive-failover/

Br Jimmy

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE- Guest and Posture Troubleshooting (67%)

Content for Community-Ad