Solved: ASA 5512-X and Clustering

fsebera · ‎12-09-2014

Hi,

Can I employ 2 Cisco ASA 5512-X firewalls for AnyConnect Clustering with Certs in an active/active setup?

Clustering - perhaps this is not the correct term, but I basically need to have an active/active AnyConnect setup with load distribution and failover.

Thank you

Frank

Karsten Iwen · ‎12-09-2014

No, AnyConnect (or more precise all remote-access VPN) is not supported in A/A or clustering.

But there is also a VPN-Cluster that could be used depending on your needs. Most of the times it will be better to buy the next bigger boxes that has a larger user-count and more throughput and run them in A/S instead of planing for any active/active or clustering scenario.

View solution in original post

Karsten Iwen · ‎12-09-2014

No, AnyConnect (or more precise all remote-access VPN) is not supported in A/A or clustering.

But there is also a VPN-Cluster that could be used depending on your needs. Most of the times it will be better to buy the next bigger boxes that has a larger user-count and more throughput and run them in A/S instead of planing for any active/active or clustering scenario.

fsebera · ‎12-10-2014

Hi Karsten,

Thank you!

My Cisco ASA All-in-one Next Generation 3rd edition book does outline the clustering details of unsupported features (page 689) but refers to IOS 9.1(2). We (Cisco) are passed that IOS at this point so I just needed to clarify.

Thanks again

Frank