• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1567
  • Last Modified:

Cisco ASA 5540 Load Balancing

Hi - I have two ASA's (5540's) in Load Balancing with AAA and certificate authentication using ANYconnect and PKI for XP machines.

What I want to know is If I disable the load balancing from ASDM, what impact will it have on users or the config, and then how easy is it to pair them-up again in load balancing.

Many Thanks
Regards
Adam
0
adam_kan2000
Asked:
adam_kan2000
  • 3
  • 3
1 Solution
 
Robert Sutton JrSenior Network ManagerCommented:
0
 
adam_kan2000Author Commented:
The above comment does not help at all.

Regards
Adam
0
 
Robert Sutton JrSenior Network ManagerCommented:
Basically, ASA's DO not load balance. If you are ref. to vpn clustering and load balancing then thats a bit different. One of the main purposes for this setup is for "High" availablility of your Public Ip address(es). In the event the ASA serving your public Ip fails, another ASA in the cluster will assume the Public Ip without intervening. Disabling this may have somewhat of an impact on your network if you have several VPN clients facing this Public Ip.

Here is  brief tutorial and overview.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805fda25.shtml

Hope this helps.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
adam_kan2000Author Commented:
Thank you. You have summed up my setup at work very well. I've two ASA's in VPN clustering and load balancing setup for HA. I only have 400 people connecting to them. All I want to know is if I disable the VPN load balancing from ASDM - how easy will it be to put them back together and can I have any issues pairing them-up again.
0
 
Robert Sutton JrSenior Network ManagerCommented:
My suggestion would be is to save ALL RUNNING config's and save them to a text file by naming the files with their respective hostnames.. Once this is done, you have a capability to throw the "Known working Original" configs back on there very easily once you remove the load balancing "option"..Then if for some reason it becomes an issue and you need to revert back to the original setup, it should only take you 2mins to change the running configs and everything should be back to normal.

Hope this helps
0
 
adam_kan2000Author Commented:
Thank you - your answer/solution was most helpful.

Do you do any private consultancy work ? if you do  - contact me on my email:adam_kan2000@hotmail.co.uk

Regards
Adam
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now