09-01-2008 10:15 PM - edited 03-09-2019 09:23 PM
We have two ASA5550's, ver. 7.1(2). We setup Load Balancing, using virtual cluster IP address. The primary ASA is setup with priority 10. The secondary ASA is setup with priority of 8. When the first client (VPN client) connects, the client connects to the Secondary ASA. When the second client connects, it also connects to the Secondary ASA. Is there a way to setup Active/Active? So, when the first client (VPN client) connects, it will connect to the Primary. When the second client connects, it will connect to the Secondary. When the third client connects, it will connect to the Primary and so on.
Thanks.
Diane
09-01-2008 11:19 PM
Diane,
Can you confirm the failover license of the firewalls is active/active?
Can you post the output of "sh version"
Can you post the output of "show vpn load-balancing"
09-01-2008 11:46 PM
09-01-2008 11:49 PM
Diane,
Can you supply the outputs from the primary/master ASA - asa1 maybe!
Can you also post the output from both devices for the command "show failover"
09-02-2008 06:55 AM
09-02-2008 07:21 AM
Can;t see an issue with the config so far - can you issue on both ASA's:-
debug vpnlb 250
And post the outputs from both units please?
09-02-2008 08:31 AM
09-02-2008 08:40 AM
Everything looks OK - no keepalives being lost, checked the bug toolkit - only one post in the 7.1(x) train:-
One post in the 7.2(x) train:-
09-02-2008 09:19 AM
Andrew,
Thanks very much for taking time to work on this issue. I will follow these instructions.
Thanks again for everything.
Diane
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide