CCDTT

High Availability in Clientless SSL VPN

Get 30% off ITprotv.com with: You can use promo code: OSCAROGANDO2
Follow Me on Twitter: https://twitter.com/CCNADailyTIPS

Clientless SSL High Availability

You can achieve two types of failover configuration with the ASA: active/active and active/standby.


Active/Active


Allows for a much greater percentage of available resources for deployment. However, active/active configuration does not provide any support for any type of VPN deployment because the ASA needs to run in Multiple Context mode. So, no further time is spent looking at this option, although it is good to know it exists.

Active/Standby


ASA device is active and passing/inspecting traffic while the other is in standby, monitoring the state of the other until the time comes when it must take an active role. You have two configuration options when using active/standby

Stateful configuration allows existing VPN sessions and tunnels to stay up even when a failover has occurred and the connecting clients and sites are now entering through the previous standby device.
The current connection “states” are synchronized between devices across a dedicated stateful connection between the two ASAs or by using the existing failover interfaces. The following clientless SSL

VPN objects are not supported with stateful failover:
■ Smart tunnels
■ Port forwarding
■ Plug-ins
■ Java applets
■ IPv6 clientless or AnyConnect sessions
■ Citrix authentication (Citrix users are required to authentication after a failover.)

Share the Post:

Related Posts

Help Us By Donating