cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
638
Views
0
Helpful
4
Replies

High Availability Best Practice

jrichterkessing
Level 1
Level 1

I have been looking for a best practice document for HA for a pair of Cisco ASA 5520 supporting AnyConnect client VPNs.

I had a HA pair of 5520s configured as a HA cluster pair in my primary datacenter, I have taken one of them and moved it to my backup datacenter for disaster recovery purposes......just trying to find out if there is something I can do to better position these for redundancy. Right now my plan is if we have an internet outage or the primary ASA fails we will direct our users to point their client to the backup ASA URL (changing the public DNS alias would work also but would be problematic with caching/DNS propagation/etc.).

My other alternative is to purchase an additional ASA and build the HA cluster in my primary DC.

Thanks....Jeff

4 Replies 4

Ilya Shilov
Level 1
Level 1

Marvin Rhoads
Hall of Fame
Hall of Fame

As noted in the link Ilya provided, a Backup Server list in the profile is the way to go with geo-diverse VPN servers. You will need to make sure the profile (XML file) is manually synchronized between the two ASAs

Thank you both for your responses! This will definately help.

You're welcome.

Please rate responses according to their usefulness.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: