07-26-2018 12:17 AM
Hi,
Here is my situation:
I need to set up a remote VPN with AnyConnect to Microsoft Azure cloud.
To do so, I have 2 ASAv, but seeing that ASAv could not be set up in high availability, I will configure them independently.
My 2 ASAv have private IP addresses and they are behind an edge router which has only one public IP.
See the attached picture to understand better.
Can anyone help me set up AnyConnect to connect to 1 ASAv and keep the second one as backup?
07-26-2018 04:34 AM
Since you have only 1 public IP address, you would have to do some sort of port forwarding on your gateway to get both ASAs to work. You can:
1) Enable webvpn on port 8443 on ASA1
2) Enable webvpn on port 8444 on ASA2
3) Create port forwarding rules on your Azure gateway to point public-ip on 8443 to ASA1 and public-ip on 8444 to ASA2
4) Create an AnyConnect XML profile with public-ip:8443 as primary server address and public-ip:8444 as backup address. The client will connect to ASA2 if ASA1 is not reachable.
If you keep different pools on both ASAs, you can statically route traffic to each one of them based on the destination address.
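The profile described in step 4 of the answer above, as an added example that is not part of the original post. The address 203.0.113.10 is a documentation placeholder standing in for the single public IP, and the display name "Azure-RA-VPN" is made up for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
  <ServerList>
    <HostEntry>
      <!-- Name shown in the client's drop-down (hypothetical) -->
      <HostName>Azure-RA-VPN</HostName>
      <!-- Primary: edge router forwards public-ip:8443 to ASA1 -->
      <HostAddress>203.0.113.10:8443</HostAddress>
      <BackupServerList>
        <!-- Backup: edge router forwards public-ip:8444 to ASA2;
             tried only when the primary does not answer -->
        <HostAddress>203.0.113.10:8444</HostAddress>
      </BackupServerList>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
```

Both ASAv instances need the same profile pushed to clients, and both should present a certificate valid for the name or address the client dials, otherwise users get a certificate warning only when they land on the backup.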
07-26-2018 05:54 AM
Looks like a good solution, thank you Rahul Govindan, I will test it and revert back to you ;)
07-26-2018 06:35 AM
07-26-2018 06:49 AM
Hi gbekmezi
I'm using 2 ASAv because I need 1000 users, but each ASAv30 licence is limited to 750 users.
Have you considered using cloud native availability features? ==> Can you explain to me what that is?
Your solution is also good, but in this case I will need an extra device (load balancer).