Forum Discussion

Cirrostratus

Nov 29, 2022

For AnyConnect RA Load Balancing which Module to Use GTM or LTM

For AnyConnect RA Load Balancing which Module to Use GTM or LTM. I have 2 RA VPN but they are at SAME Data Center. Should I use LTM or GTM ? Each AnyConnect VPN 2 different identity cert normally...

application delivery

security

Paulius

MVP

Dec 07, 2022

I would use the GTM to load balance your AnyConnect VPN connections but if you have an SSL certificate that is only valid on each RA device for one FQDN you will have an issue because typically the GTM setup is as follows.

myvpn.company.com -> vpn1.company.com
myvpn.company.com -> vpn2.company.com

That myvpn.company.com response will change depending on your load balancing algorithm so each destination device will see the request as myvpn.company.com rather than vpn1 or vpn2.company.com so make sure your SSL cert covers both names if that is allowed. Aside from that I believe Cisco has a way of doing this on their own at the following link.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/configuration/vpn/asa-99-vpn-config/vpn-ha.html#ID-2186-000003f0

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)