cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

200
Views
5
Helpful
1
Replies
Beginner

Anyconnect High Availability

Hi

Our network as shown in the picture below, we use any-connect for remote users. Any-connect is configured in ASA1.

I want to add ASA2 to the configuration as high availability. If the ASA1 goes down, the users will automatically use ASA2 to connect to network.

 

Is there a way I can do this High Availability between two ASAs with different ISP and public IP addresses?

Do I need to use the same IP pool in both ASAs?

 

Capture.PNG

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Guru

Re: Anyconnect High Availability

Yes - I do something like that often for our clients.

You just specify in the Anyconnect client profile a backup server. Put in the FQDN for the secondary site. If the client cannot connect on the primary it will automatically fail over to the second one. It's best to use separate pools as the ASA pairs will not know if the addresses have been assigned by the other pair. Also, your internal routing needs to know how to reach each respective pool.

VPN Backup Server List.PNGVPN Backup Server List

View solution in original post

1 REPLY 1
Highlighted
Hall of Fame Guru

Re: Anyconnect High Availability

Yes - I do something like that often for our clients.

You just specify in the Anyconnect client profile a backup server. Put in the FQDN for the secondary site. If the client cannot connect on the primary it will automatically fail over to the second one. It's best to use separate pools as the ASA pairs will not know if the addresses have been assigned by the other pair. Also, your internal routing needs to know how to reach each respective pool.

VPN Backup Server List.PNGVPN Backup Server List

View solution in original post

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here