Cisco ASA VPN Optimal Gateway Selection with Load-Balancing

Hi all is it possible to use the Cisco ASA VPN Optimal Gateway Selection say for each site that has at least 2 ASAs and than on top of that use the VPN Load-Balancing feature?  I have 3 sites in mind that each have 2 ASAs that are used strictly for remote access VPNs, and on each site I have the OGS setup so the clients can use RTT to make the selection, but I was wondering if I can take it a step further and put each site into a VPN Load-Balancing cluster and change the OGS of course to use the new individual site VPN cluster IPS.

Comments

  • Hi,

       Yes it will work. However, unless you don't have a problem with the maximum number of sessions you want to have at the same time, i would just use optomal gateway selection and A/S failover in each site.

    Regards,

    Cristian.

  • Thanks Cristian! That is exactly what I was looking for what would be the best practice to deploy.  It sounds like that usually don't have anymore than around 150 users using the VPN every day on average.  So it sounds like load-balancing would really not benefit them, and only adds to the complexity of the configuration.  They want to keep the standalone config vs active/standby so they can user the max 2500 vpn users per FW on snowdays where they might go over 2500 users.

  • If they indeed have a licensing problem with A/S if all users connect, yes leave it as A/S.

    Regards,

    Cristian.

  • Hello,

    I would like to ask if OGS will work on ASA version 9.x? I can't find documentation for this feature on this version. I think I have it configured correctly but I can't make it work. Can anyone assist me?

Sign In or Register to comment.