05-21-2010 12:14 PM
I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.
Thanks,
Justin
Solved! Go to Solution.
05-21-2010 12:28 PM
That's correct. You should have the VPN connect to the LB cluster IP, not the individual IP addresses. The master ASA will listen for the connection requests to the LB Cluster IP and based on load either accept the connection or automatically redirect it to one of the standby ASAs in the cluster. This should all be transparent to the VPN user connecting.
05-21-2010 12:37 PM
jickfoo wrote:
I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.
Thanks,
Justin
Justin
You need to use the cluster IP address. If you used the actual address of the firewall outside interfaces then you wouldn't get load-balancing.
Jon
05-21-2010 12:28 PM
That's correct. You should have the VPN connect to the LB cluster IP, not the individual IP addresses. The master ASA will listen for the connection requests to the LB Cluster IP and based on load either accept the connection or automatically redirect it to one of the standby ASAs in the cluster. This should all be transparent to the VPN user connecting.
05-21-2010 12:37 PM
jickfoo wrote:
I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.
Thanks,
Justin
Justin
You need to use the cluster IP address. If you used the actual address of the firewall outside interfaces then you wouldn't get load-balancing.
Jon
05-21-2010 12:47 PM
Out of interest, why was this rated as not helpful ?
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: