08-22-2009 06:41 AM
Hi all,
I read everything and it's opposite about ASA in cluster/load-balancing mode and how they handle SSL VPN, client IPSec VPN, Site-to-site VPN...
Someone can clarify to me the situation? Can we do Client SSL & IPSec VPN on a ASA cluster?
Site-to-site VPN can't participate to the load-balancing, how is handle the site-to-site VPN (only by the cluster master - in his real ip or can we use cluster IP anyway for site-to-site VPN?
In a ASA cluster, to do site-to-site VPN, can we use the real outside IP of the master?
Thanks in advance.
09-06-2009 09:30 AM
Bump! nobody really?
12-09-2009 10:42 AM
Yes. ASA can load balance remote access VPN (IP
sec, Clientless VPN, and Client SSL VPN). Site-to-Site and L2TP/IPSec don't participate in LB algorithm.
You mus use the real IP of the the ASA for Site-to-Site and L2TP/IPsec sessions. It can be the real IP of the master ASA or any of the cluster.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide