Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
797
Views
5
Helpful
3
Replies

VIP between load-balancing asa 5540

vince.elentrio1
Level 1
Level 1

‎04-14-2016 09:45 AM

Hi Guys,

I have a VIP between two firewalls but anyconnect users are having an issue when connecting to that VIP FQDN. The issue is a certificate error.  Clients hit the VIP and then get re-directed to the primary firewall. Do I need a cert for the VIP? Should I use a wildcard cert? I have valid certs on both firewalls. I am not sure about the wildcard cert and how to generate one.

Thanks Vince

Labels:
0 Helpful
3 Replies 3

Philip D'Ath
VIP Alumni
VIP Alumni

‎04-14-2016 06:51 PM

Why bother with a VIP?  Why not put the two ASA's into a VPN cluster, and let them do the balancing themselves?  You just need to plug then into an Etherchannel capable switch, and all the firewalls in the cluster look like members in the channel to the switch.

0 Helpful

vince.elentrio1
Level 1
Level 1
In response to Philip D'Ath

‎04-15-2016 05:09 AM

Hi Philip,

Agree but the powers at be. Thanks Abaji for the link!

0 Helpful

Abaji Rawool
Level 3
Level 3

‎04-14-2016 09:11 PM

Here is link you can refer for full details :https://supportforums.cisco.com/document/29886/asa-vpn-load-balancingclustering-digital-certificates-deployment-guide

HTH

Abaji.

Customers Also Viewed These Support Documents