Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
830
Views
5
Helpful
3
Replies

Load Balancing ASA question - which IP do I direct clients too?

Go to solution
jickfoo
Level 1
Level 1

‎05-21-2010 12:14 PM

I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.

Thanks,

Justin

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
hdashnau
Cisco Employee
Cisco Employee

‎05-21-2010 12:28 PM

That's correct. You should have the VPN connect to the LB cluster IP, not the individual IP addresses. The master ASA will listen for the connection requests to the LB Cluster IP and based on load either accept the connection or automatically redirect it to one of the standby ASAs in the cluster. This should all be transparent to the VPN user connecting.

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎05-21-2010 12:37 PM 

jickfoo wrote:
I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.
Thanks,
Justin

Justin

You need to use the cluster IP address. If you used the actual address of the firewall outside interfaces then you wouldn't get load-balancing.

Jon

View solution in original post

3 Replies 3

Go to solution
hdashnau
Cisco Employee
Cisco Employee

‎05-21-2010 12:28 PM

That's correct. You should have the VPN connect to the LB cluster IP, not the individual IP addresses. The master ASA will listen for the connection requests to the LB Cluster IP and based on load either accept the connection or automatically redirect it to one of the standby ASAs in the cluster. This should all be transparent to the VPN user connecting.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎05-21-2010 12:37 PM 

jickfoo wrote:
I have 2 5520's with a 50 user SSLVPN license on each. I want to use the VPN load balancing feature. Should I be sending users to the Cluster IP Address ? The documentation isnt clear on this point.
Thanks,
Justin

Justin

You need to use the cluster IP address. If you used the actual address of the firewall outside interfaces then you wouldn't get load-balancing.

Jon

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Jon Marshall

‎05-21-2010 12:47 PM

Out of interest, why was this rated as not helpful ?

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents