We have 2 x WSA S670s that we wish to load balance across. The WSAs are running 7.5.1 and can only be in transparent mode. These are connected through WCCP to a pair of Nexus 7ks, running 6.1(3). We are seeing active/standby behaviour and we are expecting A/A. If we shut the port on the active WSA, the second WSA will begin proxing traffic. When we remove the shut command, the traffic will again go back to first WSA. Is this expected behaviour? We were expecting both WSA to handle traffic.
I have some questions on WSA high-availability. Let say I have two units of WSA and they are deployed in transparent mode using WCCP. As I understand, the load-balancing will be handled by WCCP server (WCCP compliant routers or switches) and WCCP server will redirect the web request to the available WCCP client (either WSA1 or WSA2). Meaning to say all WSA they are running active/active configuration. Please correct me if i'm wrong.
My questions as follows:
1) Any dependency for WSA to achieve active/active? How to ensure can achieve active/active?
2) Let say I have 2 appliance model S380, if running active/active is that means 8K users will be equally distributed on each appliance such as 4K on WSA1 and 4K on WSA2?
3) If let say customer have 14K users, is that means have to upgrade to higher box like S680? And how's the load calculation will be? 7K each appliance or what?
4) If let say customer have 10K users, is that means I can use the same box S380? 5K each appliance or what? And how's the loan calculation will be?
In order for 2 WSA's to become Active/Active, they must be utilizing the same WCCP service ID. If two WCCP service IDs are used, then the lower WCCP service ID will be Active, and the higher will be Standby.
If you shut a port down and break the WCCP neighborship, it will have no choice but to fail over to the higher WCCP service ID.
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P...
On R1, configure a key ring that defines the peer R3:Address: 188.8.131.52Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 184.108.40.206R1(config-ikev2-keyring-pee...
This document shows how to use the Port Radius NAS PORT Id Attribute in a compound condition to control access with 802.1X.A user jdoe is allowed to access the network only through the physical port FastEthernet 0/1 of the switch and the user jwhite is al...
This document provides a configuration example of Security Assertion Markup Language (SAML) Authentication on FTD managed over FDM. The configuration allows Anyconnect users to establish a VPN session authenticating with a SAML Identity Serv...
DMVPN Dual Hub Dual Cloud Pros and ConsProsNo single point of failureQuick failover if routing protocols are tunedLoad balancing is easyTraffic engineering is easyEasy to work with multiple ISPsConsNeed 2 tunnels per spokeConfiguration is more complicated...