Solved: Anyconnect over 2 Different Firewalls

Satinderpal Singh Dhaliwal · ‎12-07-2015

Hi ,

i am trying to make network design with 2 firewalls. i have 2 firewalls directly connected to same ISP. i want to configure Anyconnect VPN for my client.

Design is like.

firewall---------------------

ISP

firewall---------------------

Firewall is in Active and Standby mode.

1. Can i configure anyconnect in such way that if 1 link to ISP fails anyconnect Client automatically shifts to second firewall. ?

If yes what is the way to do that.?

Marvin Rhoads · ‎12-08-2015

Assuming we are talking about Cisco ASA firewalls...

A High Availability (HA) pair presents a single IP address to the external clients. That address moves from one firewall to the other when a failover event occurs. The failover event can be triggered by the status and reachability of a given interface.

So if the link goes down, failover happens and the standby firewall becomes active. The IP address seen by clients remains the same and the newly active firewall will seamlessly continue to carry the remote acccess VPN client sessions.

View solution in original post

Marvin Rhoads · ‎12-08-2015

Assuming we are talking about Cisco ASA firewalls...

A High Availability (HA) pair presents a single IP address to the external clients. That address moves from one firewall to the other when a failover event occurs. The failover event can be triggered by the status and reachability of a given interface.

So if the link goes down, failover happens and the standby firewall becomes active. The IP address seen by clients remains the same and the newly active firewall will seamlessly continue to carry the remote acccess VPN client sessions.

Satinderpal Singh Dhaliwal · ‎12-08-2015

Thank you Marven !!

Yes i am using ASA 55XX.

If i take links from 2 different ISP then is there any Possibility to take same Output ?