Solved: ssl VPN failover

v_rajure · ‎12-16-2010

Hi,

I have a SSL VPN 500 license appliance running. I also have a ne 5520 firewall bundle. Can I use the firewall bundle as a failover ( active / active OR active / standby ) to the current 5520 with 500 SSL licenses ?

If not what is required to have a failover for 5520 with 500 SSL appliance ?

Thanks,

Vin

Jennifer Halim · ‎12-17-2010

If you are running version 8.2 and earlier, then you would need to have the same 500 SSL user license activated on the new ASA5520 to run failover.

Both ASA needs to have exactly the same hardware, module, license to run failover if they are running version 8.2 and earlier.

However, if you are running version 8.3 and later, you do not need to have the same 500 SSL user license activated on the new ASA5520. You can configure failover straight away.

Hope that answers your question.

View solution in original post

Jennifer Halim · ‎12-17-2010

If you are running version 8.2 and earlier, then you would need to have the same 500 SSL user license activated on the new ASA5520 to run failover.

Both ASA needs to have exactly the same hardware, module, license to run failover if they are running version 8.2 and earlier.

However, if you are running version 8.3 and later, you do not need to have the same 500 SSL user license activated on the new ASA5520. You can configure failover straight away.

Hope that answers your question.

v_rajure · ‎12-17-2010

Hi Jennifer,

Thanks for the answer. I wanted to confirm the same. But then anyway upgrade is required as 8.3 requires 2GB of memory without which it won’t work. Is it that it won’t work or it will work but not recommended ?

Regards,

Vin

Jennifer Halim · ‎12-17-2010

It will work, however, you are right, it is not recommended. Purely because if you are sending more and more traffic through the ASA, it could potentially impact on performance.