05-19-2012 02:51 AM - edited 02-21-2020 06:04 PM
Hello,
We have two 3000 VPN concentrators. Under both of their load balancing fields, Configuration - Load balancing, the checkbox for load balancing is enabled.
However, both have different priorities, one with 10 and the other with 1. Does this mean both are actually load balancing? What do the priorities indicate here?
If we replace the concentrators with ASA, how will this load balancing need to be configured on the ASA and how will it work?
Thanks.
05-21-2012 04:51 AM
Priorities only indicate which becomes the Master at startup; however, they are still performing load balancing.
Here is more information on load balancing priorities on the VPN Concentrator for your reference:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094b4a.shtml#cg
Hope that helps.
05-21-2012 05:49 AM
Thanks Jennifer. A few more queries:
1. Is it possible to configure similar load balancing across two new ASAs for remote IPsec VPN?
If so, how can it be done?
2. How do I integrate the new ASAs with the ACS? What process does this involve?
Please help.
05-21-2012 05:55 AM
1. Yes you can, and here is the configuration guide for load balancing on ASA:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_params.html#wp1048834
2. Assuming that you would want to use the ACS to authenticate VPN Client users? Here is the configuration guide:
Hope that helps.
05-23-2012 08:52 PM
Thanks Jennifer.
What is the main difference between an Active/Active ASA setup and a load balancing setup for VPN?
Don't both serve the same goal?
05-23-2012 10:47 PM
ASA Active/Active failover is to provide failover for multiple context firewalls within 1 physical firewall.
E.g.: you can have context A and context B active on ASA-1, and context C and context D active on ASA-2, and if either of them fails, they can fail over to the respective ASA.
However, Active/Active failover does not support VPN; it's purely for firewall context functionality.
If your ASA is purely for VPN, then you would need to set up VPN load balancing.
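For reference, a sketch of what VPN load balancing could look like on two ASAs that carry over the concentrators' priorities of 10 and 1. This is an added example, not part of the thread or taken from Cisco's guide. The interface names `outside`/`inside`, the cluster address 192.0.2.10 and the key placeholder are assumptions made for illustration.

```cisco
! Added example. Addresses, interface names and the key are constructed.
!
! ===== ASA-1: priority 10, preferred as master at startup =====
! Prerequisite for "cluster encryption": ISAKMP/IKEv1 must already be
! enabled on the lbprivate interface (the exact command depends on the
! ASA version; check the configuration guide linked in the thread).
vpn load-balancing
 ! Interface where clients reach the cluster (public side)
 interface lbpublic outside
 ! Interface used for peer-to-peer load messages (private side)
 interface lbprivate inside
 ! Range 1-10; the higher value is more likely to become master
 priority 10
 ! Virtual cluster IP that clients connect to; must be in the subnet
 ! of the lbpublic interface and identical on every member
 cluster ip address 192.0.2.10
 ! UDP port for cluster communication (9023 is the default)
 cluster port 9023
 ! Encrypt and authenticate load-balancing messages between peers
 cluster encryption
 ! Shared secret; must match on every member. Replace the placeholder.
 cluster key <SHARED-SECRET-PLACEHOLDER>
 ! Join the cluster
 participate
!
! ===== ASA-2: priority 1, still accepts and serves VPN sessions =====
vpn load-balancing
 interface lbpublic outside
 interface lbprivate inside
 priority 1
 cluster ip address 192.0.2.10
 cluster port 9023
 cluster encryption
 cluster key <SHARED-SECRET-PLACEHOLDER>
 participate
```

Both units terminate client sessions regardless of priority; the master only owns the virtual cluster IP and redirects each new client to the least-loaded member. `show vpn load-balancing` on either unit shows the current role and peer list.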