11-28-2013 06:46 AM - edited 02-21-2020 07:21 PM
Hi,
I am building an AnyConnect IPSec solution, and have a question about backup servers. I understand that if I input the details of my backup link, then in the event of a failure at the primary this will be used. My question is more about capacity.
As you can see I have a primary and backup link. Now they terminate into two separate DMZs, which don't have direct layer2/3 connectivity. So I am aiming to create the same profile on both ASAs, with a Primary and Backup server defined. Now potentially I have more users than I can licence on a single ASA, so if that is full, will that be seen as not available to new clients, so they are then forced to connect to the backup site?
So what needs to happen for clients to use the backup link?
Thanks in advance,
Mike.
11-28-2013 11:59 AM
Hi,
What type of failover are we talking here? Active/Active, Active/Standby? In either of these two you would run into issues as a failover will not occur unless there is a link failure. The Active/Active should run fine until a failover occurs or you again go over the licensed user limit, as you could have the option of splitting the traffic between the two ASAs. Active/Standby would not help at all if you have more users than the license permits.
You could configure your ASAs in a cluster, but that would require ASA5585-X and a specific license for clustering. If you have that then you don't have a limit on the number of users anyway.
Your best option is to upgrade your ASA licenses to support unlimited users.
--
Please remember to rate and select a correct answer
11-28-2013 12:49 PM
You can load balance VPN connections on the ASA.
Sent from Cisco Technical Support Android App