Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1089
Views
0
Helpful
4
Replies

AnyConnect SSL Load Balancing with Big IP

Louis Gonzales
Level 1
Level 1

‎04-12-2022 03:05 PM

Has been able to F5 GSLB to load balance AnyConnect SSL remote access VPN or is there a guide anywhere?  We currently have two ASAv50s deployed in our two main data centers and we want to be able to use our F5s with GSLB to load balance the traffic between them.

Labels:
0 Helpful
4 Replies 4

Sheraz.Salim
VIP
VIP

‎04-12-2022 08:30 PM

Cisco already have a solution in place for this kind of scenarios. Therefore F5 wont be help for you. as you running ASAv50 VPN Load Balancing is supported.

Here and Here 

please do not forget to rate.
0 Helpful

Louis Gonzales
Level 1
Level 1

‎02-23-2023 12:50 PM

Unless I'm reading this incorrectly the VPN load balancing option being talked about needs to have the ASAs located in the same inside and outside IP networks.  In our environment we have our ASAs located in two completely different data centers in different states.  From reading the documentation that I've found, in this scenario we would need to use some type of external DNS load balancing which we use Big IP GSLB.  I'm trying to find some type of guide for that setup, but I may need to find a more generic guide through Big IP.

0 Helpful

trodecke
Level 1
Level 1
In response to Louis Gonzales

‎02-25-2023 08:47 PM

GSLB, aka DNS, is really just DNS so there's no trick there to load balancing a VPN connection.  All you would need to do is to add your pools to the same WIP, protocols aren't an issue there.  The real work takes place at the LTM level with what protocols you want to let through.  Since you mentioned SSL VPNs,  I believe you would just setup your Virtual Servers the same as any HTTPS website.  Those VSs would feed your DNS Pool and the Pools would be in your DNS WIP.  It can get more involved from there,  especially if you want to configure things so the users connect to the ASA that's closest to them.  That level of configuration is a bit beyond me and would probably require some professional services from F5.  

0 Helpful
Customers Also Viewed These Support Documents