02-13-2020 02:22 AM - edited 02-13-2020 03:56 AM
Let's say you have 2 VPN termination devices (firewalls) with AnyConnect Premium licensing on each of them. These 2 devices are configured in a VPN profile as primary and secondary.
Should the limit on the number of VPN connections on the primary firewall be reached, do the subsequent connections fail over to the secondary VPN firewall and end up using all the licenses on the primary plus the licenses on the secondary?
What triggers that failover?
02-13-2020 02:24 AM
02-13-2020 02:36 AM - edited 02-13-2020 03:02 AM
Hi,
If both devices are configured in Active/Standby HA, then failover will trigger if the device fails or monitored interfaces fail.
Failover cannot trigger due to license over-utilization. Since it is Active/Standby, sessions also cannot be distributed if configured in HA.
You can include one or more interfaces for monitoring, which can trigger failover if an interface goes down.
You can find more info on interface monitoring or failover at
Do you have both firewalls operational as standalone? To load balance in this scenario, you need to have a load balancer which can distribute VPN sessions.
02-13-2020 04:01 AM
Maybe I shouldn't have used the word failover in the title (I've since removed it).
So they are not a failover pair. The scenario has 2 ASAs, different FQDNs, and a client AnyConnect profile with both of them listed, one as primary and the other as secondary.