cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
920
Views
0
Helpful
2
Replies

IPSec support for Active/Active config on ASA

bvsnarayana03
Contributor
Contributor

Hi,

I was going through the link for help on configuring failover for multiple contexts & came across a strange statement. Can someone pls help clarify this, "When the security appliance is configured for Active/Active stateful failover, you cannot enable IPSec or SSL VPN. Therefore, these features are unavailable. VPN failover is available for Active/Standby failover configurations only".

Here is the link:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html

thanks

BVS

2 REPLIES 2

cdusio
Enthusiast
Enthusiast

It is as it says. If you are running active active you cannot terminate VPN traffic wheras if you are in active/standby you can.

cisco24x7
Frequent Contributor
Frequent Contributor

If you want Active/Active...Active firewall

that can also terminate VPN and/or ssl VPN,

checkpoint can do that.

Even with Cisco ASA in Active/Active, it is not

really Active/Active. It is similar to IOS

HSRP but not as flexible as HSRP.

CCIE security

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: