Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
665
Views
0
Helpful
1
Replies

ASA 9.X features

Devavrat Oka
Level 1
Level 1

‎12-10-2013 07:39 PM

If I have a pair of ASA 5585-X with SSP 20 in HA (Active/Active), with 9.X code:

1. My understanding is the licenses (VPN, SSL, enable 10G i/o) are not shared and we'll need 2 license counts for the HA cluster.

2.          Does L2L IPSec VPN failover between the Active Active pair?

3.          Does Remote Access Anyconnect SSL VPN failover between the Active Active pair?

This document (http://www.cisco.com/en/US/docs/security/asa/asa90/release/notes/asarn90.html#wp684764) says Site to Site VPN and dynamic routing in multiple context mode is supported. Isn't it true that for multiple contexts, you have to run the ASA in Active Active? So that being said, L2L VPNs can failover across the cluster and dynamic routing is supported in A/A right?

Thank you.

Labels:
0 Helpful
1 Reply 1

m.kafka
Level 4
Level 4

‎12-11-2013 12:43 AM

Hi,

1) According to licensing rules yes, search for "asa licensing", there are several detailed documents.

2) This is true according to the feature descriptions, never tried it myself

3) I'm afraid not yet, RA VPN is not on the feature list for active/active AFAIK

The rest:

It's the other way round: for active/active you have to run multiple context but you can run multiple context without a/a failover.

The last sentence is correct according to the feature descriptions.

0 Helpful
Customers Also Viewed These Support Documents