01-27-2011 12:50 PM
In older version of code WebVPN was not a supported feature on the ASA, however in 8.x and specifically 8.3 the rel notes no longer list it as an unsupported feature - does that mean WebVPN is fully supported by failover (Act/Stby) in 8.3 ?
I can see on my 8.3 Act/Stby failover pair the "CLI" based WebVPN config getting replicated as you'd expect but I can not see the file based XML config (used in 8.x train) for things such as portal customisation or bookmarks on the standby ASA.
I'm trying to view the WebVPN file based XML config using ASDM connected to the standby ASA and it eventualy times out when trying to browse portal customisation or bookmarks.
Does the WebVPN file based XML config get replicated in a failover pair?
or if not how do I get that content to the box?
thanks,
Sez
Solved! Go to Solution.
01-27-2011 07:27 PM
As per the following document, it states that:
"In Version 8.0 and later, some configuration elements for WebVPN (such as bookmarks and customization) use the VPN failover subsystem, which is part of Stateful Failover. You must use Stateful Failover to synchronize these elements between the members of the failover pair. Stateless (regular) failover is not recommended for WebVPN."
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/ha_overview.html#wp1078936
If you have enabled stateful failover, and the bookmarks and portal customization for webvpn is still not replicated to the standby, I would suggest that you open a TAC case to further investigate the issue.
01-27-2011 07:27 PM
As per the following document, it states that:
"In Version 8.0 and later, some configuration elements for WebVPN (such as bookmarks and customization) use the VPN failover subsystem, which is part of Stateful Failover. You must use Stateful Failover to synchronize these elements between the members of the failover pair. Stateless (regular) failover is not recommended for WebVPN."
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/ha_overview.html#wp1078936
If you have enabled stateful failover, and the bookmarks and portal customization for webvpn is still not replicated to the standby, I would suggest that you open a TAC case to further investigate the issue.
02-07-2011 11:28 AM
Hi Jennifer,
You are right the listed customisations do get transferred across state interface ina failover pair.
I think my issue was one to do with ASDM accessing the content on a secondary, after a failover and it is active and the primary is off-line.
The failed over WebVPN functionality works including the customisations but ASDM wouldn't let me get to the customisation xml content on the secondary to view it
rgds
01-28-2011 12:18 PM
I'm building out the same thing here. Here's what I've noticed...
Yes... your .xml client profile DOES get replicated but that's it. Along with the webvpn content, another thing that doesn't get replicated is your client packages. Why is this a big deal? When it fails over and there's no package available, Webvpn stops working!!! I had to have that package on there. In order to get that package on there, I had to failover to the secondary, upload it, re-add the package definition (svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1), and then failback.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide