Forum Discussion

Cirrostratus

Nov 29, 2022

For AnyConnect RA Load Balancing which Module to Use GTM or LTM

For AnyConnect RA Load Balancing which Module to Use GTM or LTM. I have 2 RA VPN but they are at SAME Data Center. Should I use LTM or GTM ? Each AnyConnect VPN 2 different identity cert normally...

application delivery

security

Paulius

MVP

Dec 07, 2022

I would use the GTM to load balance your AnyConnect VPN connections but if you have an SSL certificate that is only valid on each RA device for one FQDN you will have an issue because typically the GTM setup is as follows.

myvpn.company.com -> vpn1.company.com
myvpn.company.com -> vpn2.company.com

That myvpn.company.com response will change depending on your load balancing algorithm so each destination device will see the request as myvpn.company.com rather than vpn1 or vpn2.company.com so make sure your SSL cert covers both names if that is allowed. Aside from that I believe Cisco has a way of doing this on their own at the following link.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/configuration/vpn/asa-99-vpn-config/vpn-ha.html#ID-2186-000003f0

Forum Discussion

For AnyConnect RA Load Balancing which Module to Use GTM or LTM

Recent Discussions

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Portal Access to HTTPS resources slow

How to Implement 2 Way SSL in F5 LTM

Azure DP-100 Exam Questions

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Ansible module to update BIG-IP root/admin passwords

Hardware Security Modules

NGINXaaS for Azure: Load Balancing

Ansible - Running bash commands with bigip_command module - How it's done