Anyconnect Premium Peers VPN licencing Limits

Let's say you have 2 VPN termination devices (firewalls) with AnyConnect Premium licensing on each of them. These 2 devices are configured in a VPN profile as primary and secondary.

Should the limit in the number of VPN connections on the primary firewall be reached, do the subsequent connections fail over to the secondary VPN firewall and end up using all the licenses on the primary plus the licenses on the secondary?

What triggers that failover?

3 Replies

 

Muhammad Awais Khan
Cisco Employee

Hi,

 

If both devices are configured in Active/Standby HA, then failover will trigger if the device fails or the monitored interfaces fail.

Failover cannot be triggered by license overutilization. Since it is Active/Standby, sessions also cannot be distributed if configured in HA.

You can include one or more interfaces for monitoring, which can trigger failover if an interface goes down.

You can find more info on interface monitoring or failover at:

 

https://community.cisco.com/t5/security-documents/asa-interface-monitoring-in-failover-and-its-impact/ta-p/3144324

 

Do you have both firewalls operational as standalone? To load balance in this scenario, you need to have a load balancer which can distribute VPN sessions.

Maybe I shouldn't have used the word failover in the title (I've since removed it).

 

So they are not a failover pair. The scenario has 2 ASAs, different FQDNs, and a client AnyConnect profile with both of them listed, one as primary and the other as secondary.

 

 
