Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1764
Views
0
Helpful
3
Replies

Does VPN works in Firewall Active Active failover mode?

Go to solution
Lasandro Lopez
Level 1
Level 1

‎03-16-2013 03:20 AM

i want to clarify these two things!
1. Does VPN works in failover mode in Active/Active mode?

2. What about in Failover mode Active/Pasive?


Regards!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎03-16-2013 04:39 AM

Hi,

Using an Active/Active Failover means that the Firewalls will be in Multiple Context mode. In other words virtual firewalls.

This means that you can ONLY use IPsec L2L VPN connections on the virtual firewalls if you are running 9.x software level on the firewalls. Any form of Client and Clientless VPN isnt supported in Multiple Context Mode at the moment.

Now with Active/Standby we have to make a distinction (if that was the word).

IF you run a normal Active/Standby Failover pair of ASAs that IS NOT in Multiple Context mode YOU CAN use any type of VPN the ASAs support.

IF you run a a pair of ASAs in Multiple Context Mode and in Active/Standby Mode you will naturally run into the limitation of VPN support in Multiple Context Mode and WILL NOT be able to use any other VPNs other than IPsec L2L VPN connections provided you are running 9.x software that supports it.

Hope this helps

- Jouni

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎03-16-2013 04:39 AM

Hi,

Using an Active/Active Failover means that the Firewalls will be in Multiple Context mode. In other words virtual firewalls.

This means that you can ONLY use IPsec L2L VPN connections on the virtual firewalls if you are running 9.x software level on the firewalls. Any form of Client and Clientless VPN isnt supported in Multiple Context Mode at the moment.

Now with Active/Standby we have to make a distinction (if that was the word).

IF you run a normal Active/Standby Failover pair of ASAs that IS NOT in Multiple Context mode YOU CAN use any type of VPN the ASAs support.

IF you run a a pair of ASAs in Multiple Context Mode and in Active/Standby Mode you will naturally run into the limitation of VPN support in Multiple Context Mode and WILL NOT be able to use any other VPNs other than IPsec L2L VPN connections provided you are running 9.x software that supports it.

Hope this helps

- Jouni

0 Helpful

Go to solution
Lasandro Lopez
Level 1
Level 1
In response to Jouni Forss

‎03-16-2013 04:54 AM

Thank you for you explanation!
Now i'm more clear!

I'm talking about the situation of normal Active/Standby Failover with a pair of identical ASAs, not in Multiple Context Mode!
Regards!

0 Helpful

Go to solution
nouraj jaman
Level 1
Level 1
In response to Lasandro Lopez

‎03-16-2013 05:46 AM

in single context mode, you can only do active/standby and vpn works fine.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents