Forum Discussion
Subrun
Cirrostratus
CirrostratusFor AnyConnect RA Load Balancing which Module to Use GTM or LTM
For AnyConnect RA Load Balancing which Module to Use GTM or LTM.
I have 2 RA VPN but they are at SAME Data Center. Should I use LTM or GTM ?
Each AnyConnect VPN 2 different identity cert normally , but if we put F5 Infront of it , what cert will be installed at each AnyConnect Box ?
Plan to use F5 is using load balancing between 2 VPN
For example if 1st RA BOX name is - vpn1.company.com and 2nd one is vpn2.company.com , normally each VPN will have each individual Identity cert on them , but if we put F5 infront of both what cert we need to call from each VPN Config at AnyConnect level ?
- Paulius
MVP
I would use the GTM to load balance your AnyConnect VPN connections but if you have an SSL certificate that is only valid on each RA device for one FQDN you will have an issue because typically the GTM setup is as follows.
myvpn.company.com -> vpn1.company.com
myvpn.company.com -> vpn2.company.comThat myvpn.company.com response will change depending on your load balancing algorithm so each destination device will see the request as myvpn.company.com rather than vpn1 or vpn2.company.com so make sure your SSL cert covers both names if that is allowed. Aside from that I believe Cisco has a way of doing this on their own at the following link.
