Cisco ASA and aborted VPN Client Connections
Today’s question comes to us from a technology solutions and services provider and delves deeper into network functionality.
Q: I have a customer that has 2 ISPs connected to a Cisco ASA. They were recently using SLA monitor and altering their route tables if an interface went down. I am trying to find a solution where they can have both lines active and in use.
In their current configuration they had users using Cisco Client VPN to connect and were getting dropped due to failover occurring. The link from primary to secondary was flapping and aborting VPN client connections. They need reliable client VPN connections and need to be able to also do some policy-based routing of traffic.
A: Ecessa has options that can be set to account for flapping lines so that VPN connections remain stable. Your customer could continue to use the Cisco ASA and Cisco VPN clients while the Ecessa device would manage the multiple ISPs (Ecessa’s primary role). The Ecessa unit would sit in front of the Cisco ASA.
Although the VPNs would still drop in the event of a legitimate failover, Ecessa has ways to account for lines flapping and eliminate unnecessary disruptions. There are multiple options as far as how traffic is routed, including policy-based routing identified by source IP, destination IP, source port, destination port, or protocol, or a combination of those parameters.
Ecessa offers a full line of WAN management gear that allows you to scale from basic failover to advanced virtualization of all your connections. For more information about how Ecessa devices work in concert with other networking hardware, please download our WAN Solutions Matrix.