dual ISP and SSL VPN on ASA 5520

peterpark421 · ‎12-31-2012

Hi All,

I configured dual ISP on ASA 5520 with a help of cisco doc below. Now I would like to configure SSL VPN to work with this for failover? Could anyone shed some light on me for this one? I tried to find an article regarding this but I could not.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Jitendra Siyag · ‎01-01-2013

you can configure the SSLVPN same way as in one ISP case. and after that enable webvpn on backup intreface also using below command.

webvpn

enable backup

that way when priamry ISP goes down the users can connect via secondary ISP.

here is a deployment guide for SSLVPN.

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/ssl_vpn_deployment_guide/deploy.html#wp1128724

peterpark421 · ‎01-02-2013

Thank you, Jitendra.

I will try this and will update here.

AdamBlackNNT · ‎01-02-2013

One thing to keep in mind is that once the failover occurs the internet-facing IP address of your ASA will change, which will mean the old URL may not work anymore (depending on your topology; I'm assuming your ASA has public addresses on Internet-facing links). Just be sure to either use a service that will update your DNS records if the first link goes down or make sure users are trained to use a new URL in the event of an outage.