Re: For AnyConnect RA Load Balancing which Module to Use F5 GTM or LTM

MSJ1 · ‎11-30-2022

For AnyConnect RA Load Balancing which Module to Use GTM or LTM.

I have 2 RA VPN but they are at SAME Data Center. Should I use LTM or GTM ?

Each AnyConnect VPN 2 different identity cert normally , but if we put F5 Infront of it , what cert will be installed at each AnyConnect Box ?

Plan to use F5 is using load balancing between 2 VPN

For example if 1st RA BOX name is - vpn1.company.com and 2nd one is vpn2.company.com , normally each VPN will have each individual Identity cert on them , but if we put F5 infront of both what cert we need to call from each VPN Config at AnyConnect level ?

balaji.bandi · ‎12-01-2022

It depends on the requirements of how you are looking to setup.

G - Global Traffic Manager (which internally rely on LTM to Load-balance between DC or other factors)

L - Local Traffic Manager, per-site basis.

If its same DC I use LTM.

check below document :

https://community.cisco.com/t5/security-knowledge-base/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Milos_Jovanovic · ‎12-04-2022

Hi @MSJ1,

For AnyConnect, and in case you are using ASA SW, I would recommend to go for VPN Load Balancing. It is a great feature, and I've used it multiple times.

Based on what you've described, it sounds like something you could use. Cert-wise, you would need to use cert with multiple SANs (e.g. vpn.company.com, vpn1.companycom and vpn2.company.com, where first and second FQDN are relevant to first device, and first and third are relevant to second device).

Kind regards,

Milos

For AnyConnect RA Load Balancing which Module to Use F5 GTM or LTM ?