
Anyconnect Premium Peers VPN licencing Limits

Let's say you have 2 VPN termination devices (firewalls) with AnyConnect Premium licensing on each of them. These 2 devices are configured in a VPN profile as primary and secondary.

Should the limit on the number of VPN connections on the primary firewall be reached, do the subsequent connections fail over to the secondary VPN firewall and end up using all the licenses on the primary plus the licenses on the secondary?

What triggers that failover?


Re: Anyconnect Premium Peers VPN licencing Limits & Failover

Hi,

If both devices are configured in Active/Standby HA, then failover will trigger if the device fails or monitored interfaces fail.

Failover cannot be triggered by license overutilization. Since it is Active/Standby, sessions also cannot be distributed if configured in HA.

You can include one or more interfaces for monitoring, which can trigger failover if an interface goes down.

You can find more info on interface monitoring or failover at

https://community.cisco.com/t5/security-documents/asa-interface-monitoring-in-failover-and-its-impact/ta-p/3144324

Do you have both firewalls operational as standalone? To load balance in this scenario, you need to have a load balancer which can distribute VPN sessions.


Re: Anyconnect Premium Peers VPN licencing Limits & Failover

Maybe I shouldn't have used the word failover in the title (I've since removed it).

So they are not a failover pair. The scenario has 2 ASAs, different FQDNs, and a client AnyConnect profile with both of them listed, one as primary and the other as secondary.