02-11-2010 07:50 AM - edited 03-11-2019 10:07 AM
Can I have Vpn lan to lan tunnels with an active active configuration on
a pair of Cisco 5520's.
02-11-2010 08:10 AM
You can, but you must go to the physical interface IP and not the virtual.
Hope that helps.
02-11-2010 09:53 AM
Nope, when running in multiple context mode VPN is not supported.
Br Jimmy
02-11-2010 11:26 AM
There is no mention of multiple contexts.
02-11-2010 12:09 PM
"Active active" implies multi-context.
02-11-2010 12:21 PM
Yes jilahbg
is right you cannot have VPN or Dynamic routing in an enviroment with multiple context. Failover A/A requires Multiple context
02-11-2010 12:22 PM
No it doesn't. I'm running an active/active pair w/o contexts.
02-11-2010 12:25 PM
Do you have one or 2 physical units? How does the output of "show failover" (or is it "show standby") look like?
02-11-2010 12:33 PM
Dude I sure that Active Active needs multiple context.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml
You are probable running Active Standby
Check that out.
02-11-2010 12:34 PM
+1
02-11-2010 12:45 PM
I have configured 2 Cisco 5520 ASA's with active active and the main device
is up and the backup
is just in standby.
Thank You
Bill Murray
315-435-4768
315-264-9152
From: jilahbg
To: William Murray
Date: 02/11/2010 03:39 PM
Subject: New message: "ASA Active
navypop42,
A new message was posted in the Discussion thread "ASA Active Active":
https://supportforums.cisco.com/message/3017505#3017505
Author : jilahbg
Profile : https://supportforums.cisco.com/people/jilahbg
Message:
02-11-2010 12:56 PM
Ok. What you have is an active/passive-configuration. Since the second unit is "just in standby" its not really active.
Since one context can never be active in two units simultanously there is no way to "load-share" in that setup. The only way to balance the load between multiple hardwares is to have multiple context and spread the active-unit for each context over the hardwares.
I personally dont like Cisco calling it "active/active". It is what I define as sales b*llsh*t. :-)
Br Jimmy
02-11-2010 01:15 PM
Yes this is not being built as a load share but hot spare.
Thank You
Bill Murray
315-435-4768
315-264-9152
From: jilahbg
To: William Murray
Date: 02/11/2010 04:06 PM
Subject: New message: "ASA Active
navypop42,
A new message was posted in the Discussion thread "ASA Active Active":
https://supportforums.cisco.com/message/3017585#3017585
Author : jilahbg
Profile : https://supportforums.cisco.com/people/jilahbg
Message:
02-11-2010 01:17 PM
Well guys.
If you have 2 multiple context you can have 1 contect active in an ASA and the another one active in the another ASA. So you will have them both active.!!!!!
02-13-2010 11:17 AM
Diecocambronero: What you describes is a multi-context-configuration which do NOT support site-2-site-vpn.
This blogg text describes all possible scenarios:
http://blogg.kvistofta.nu/cisco-asa-activeactive-failover/
Br Jimmy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide