Let's say you have 2 VPN termination devices (firewalls) with AnyConnect premium licensing on each of them. These 2 devices are configured in a VPN profile as primary and secondary.
Should the limit on the number of VPN connections on the primary firewall be reached, do the subsequent connections fail over to the secondary VPN firewall and end up using all the licenses on the primary plus the licenses on the secondary?
What triggers that failover?
If both devices are configured in Active/Standby HA, then failover will trigger if the device fails or the monitored interfaces fail.
Failover cannot be triggered by license over-utilization. Since it is Active/Standby, sessions also cannot be distributed if configured in HA.
You can include one or more interfaces for monitoring, which can trigger failover if an interface goes down.
You can find more info on interface monitoring or failover at
Do you have both firewalls operational as standalone? To load balance in this scenario, you need to have a load balancer which can distribute VPN sessions.
Maybe I shouldn't have used the word failover in the title (I've since removed it).
So they are not a failover pair. The scenario has 2 ASAs, different FQDNs, and a client AnyConnect profile with both of them listed, one as primary and the other as secondary.