Re: ASA Active/Active or VPN Cluster

bbinion80 · ‎02-11-2009

Greetings,

We have two ASA's that will be used for VPN access. Initially only IPSec connections but eventually, we'll be using the SSL Web connections as well. I was curious which failover configuration would be more appropriate. Active/Active or the VPN Load Balancing Cluster. I was thinking the VPN cluster since they will not be used as firewalls but wasn't sure.

Thanks for any input.

Ivan Martinon · ‎02-11-2009

Have in mind that to have active active failover you need to have security contexts enabled on your ASA devices, and at the moment multiple firewall is enabled (contexts) VPN features are removed from the ASA.

bbinion80 · ‎02-11-2009

So if I am understand what you are saying correctly, I cannot use Active/Active while using remote VPN. I'd have to use the VPN Load Balancing to utilize fault tolerance. Is this correct?

Ivan Martinon · ‎02-11-2009

You can certainly use active/standby failover along with vpn, or you can use vpn load balance it is up to your design, what you can't use is active active failover

bbinion80 · ‎02-12-2009

Yeah I was looking at Active/Standby but my boss feels that if we are using it for VPN (IPSec and SSL) he thought one unit may be doing too much and would rather have some type of load balancing in place. So it seems the VPN cluster may be the best option.