05-02-2014 12:01 PM
I have a pair of Asa 5520 running active standby failover. Can I use both these machines in a ssl vpn loadbalancing cluster?
Solved! Go to Solution.
05-03-2014 05:09 AM
No. When an active/standby pair is part of a VPN cluster, the standby unit is still standby - it won't be actively terminating end user sessions. Only the active (and non-failover) cluster members will be doing so.
05-03-2014 01:35 AM
Yes, a vpn-loadbalancing-cluster member can be a standallone unit or an A/S faoilover unit. It's also allowed that some members are FO and others are standalone.
You find more information on that in the config-guide: http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_params.html#wp1048834
05-03-2014 01:52 AM
05-03-2014 05:09 AM
No. When an active/standby pair is part of a VPN cluster, the standby unit is still standby - it won't be actively terminating end user sessions. Only the active (and non-failover) cluster members will be doing so.
05-03-2014 07:18 AM
And if it's more about scalability for more peers, then you can run a VPN-cluster with just two ASAs.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide