04-14-2016 09:45 AM
Hi Guys,
I have a VIP between two firewalls, but AnyConnect users are having an issue when connecting to that VIP FQDN. The issue is a certificate error. Clients hit the VIP and then get redirected to the primary firewall. Do I need a cert for the VIP? Should I use a wildcard cert? I have valid certs on both firewalls. I am not sure about the wildcard cert and how to generate one.
Thanks Vince
04-14-2016 06:51 PM
Why bother with a VIP? Why not put the two ASAs into a VPN cluster, and let them do the balancing themselves? You just need to plug them into an Etherchannel-capable switch, and all the firewalls in the cluster look like members in the channel to the switch.
04-15-2016 05:09 AM
Hi Philip,
Agree, but the powers that be. Thanks Abaji for the link!
04-14-2016 09:11 PM
Here is a link you can refer to for full details: https://supportforums.cisco.com/document/29886/asa-vpn-load-balancingclustering-digital-certificates-deployment-guide
HTH
Abaji.