Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1133
Views
0
Helpful
2
Replies

IPSec support for Active/Active config on ASA

bvsnarayana03
Contributor
Contributor

‎02-28-2008 12:13 AM - edited ‎03-11-2019 05:10 AM

Hi,

I was going through the link for help on configuring failover for multiple contexts & came across a strange statement. Can someone pls help clarify this, "When the security appliance is configured for Active/Active stateful failover, you cannot enable IPSec or SSL VPN. Therefore, these features are unavailable. VPN failover is available for Active/Standby failover configurations only".

Here is the link:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html

thanks

BVS

Labels:
0 Helpful
2 Replies 2

cdusio
Enthusiast
Enthusiast

‎03-01-2008 05:25 AM

It is as it says. If you are running active active you cannot terminate VPN traffic wheras if you are in active/standby you can.

0 Helpful

cisco24x7
Frequent Contributor
Frequent Contributor
In response to cdusio

‎03-01-2008 06:20 AM

If you want Active/Active...Active firewall

that can also terminate VPN and/or ssl VPN,

checkpoint can do that.

Even with Cisco ASA in Active/Active, it is not

really Active/Active. It is similar to IOS

HSRP but not as flexible as HSRP.

CCIE security

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents