Cisco Systems OL-16647-01 Network Router User Manual


 
34-19
Cisco ASDM User Guide
OL-16647-01
Chapter 34 IKE
Load Balancing
ESP Encryption—Selects the Encapsulating Security Payload (ESP) encryption algorithms
for the transform sets. ESP provides data privacy services, optional data authentication, and
anti-replay services. ESP encapsulates the data being protected.
ESP Authentication—Selects the ESP authentication algorithms for the transform sets.
Note The IPsec ESP (Encapsulating Security Payload) protocol provides both encryption and
authentication. Packet authentication proves that data comes from whom you think it comes
from; it is often referred to as “data integrity.”
Modes
The following table shows the modes in which this feature is available:
Load Balancing
Note To use VPN load balancing, you must have an ASA Model 5510 with a Plus license or an ASA Model
5520 or higher. VPN load balancing also requires an active 3DES/AES license. The security appliance
checks for the existence of this crypto license before enabling load balancing. If it does not detect an
active 3DES or AES license, the security appliance prevents the enabling of load balancing and also
prevents internal configuration of 3DES by the load balancing system unless the license permits this
usage.
This window lets you enable load balancing on the security appliance. Enabling load balancing involves:
- Configuring the load-balancing cluster by establishing a common virtual cluster IP address, UDP
  port (if necessary), and IPsec shared secret for the cluster. These values are identical for every device
  in the cluster.
- Configuring the participating device by enabling load balancing on the device and defining
  device-specific properties. These values vary from device to device.
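The two steps above imply a check worth automating: the cluster-wide values must match on every member, and each member must have load balancing enabled. The following is an added example, not part of the Cisco guide. It assumes each device's configuration is available as text containing the CLI `vpn load-balancing` stanza with the key unmasked; the host names, addresses and key are constructed sample values.

```python
# Cluster-wide values that the text says are identical on every device.
SHARED = ("cluster ip address", "cluster port", "cluster key")

def parse_lb_stanza(config):
    """Extract settings from the 'vpn load-balancing' stanza of one device config."""
    settings, in_stanza = {"participate": False}, False
    for line in config.splitlines():
        if line.strip() == "vpn load-balancing":
            in_stanza = True
        elif in_stanza:
            if not line.startswith(" "):      # next top-level line ends the stanza
                break
            text = line.strip()
            if text == "participate":
                settings["participate"] = True
            for key in SHARED:
                if text.startswith(key + " "):
                    settings[key] = text[len(key):].strip()
    return settings

def audit_cluster(configs):
    """Return findings for shared values that differ or are unset, and for non-participants."""
    parsed = {name: parse_lb_stanza(cfg) for name, cfg in configs.items()}
    findings = []
    for key in SHARED:
        values = {name: p.get(key) for name, p in parsed.items()}
        unset = sorted(n for n, v in values.items() if v is None)
        if unset:
            findings.append(f"{key}: not set on {', '.join(unset)}")
        elif len(set(values.values())) > 1:
            # Report that the shared secret differs, never its value.
            shown = "<redacted>" if key == "cluster key" else sorted(set(values.values()))
            findings.append(f"{key}: differs across devices: {shown}")
    findings += [f"{n}: load balancing not enabled" for n in sorted(parsed) if not parsed[n]["participate"]]
    return findings

def sample_config(host, port, participate=True):
    """Build a constructed device config for the demo (not taken from the page)."""
    lines = [f"hostname {host}", "vpn load-balancing", " cluster ip address 192.0.2.10",
             f" cluster port {port}", " cluster key ExampleSharedSecret"]
    return "\n".join(lines + ([" participate"] if participate else []) + ["!"])

SAMPLE = {"asa-1": sample_config("asa-1", 9023),
          "asa-2": sample_config("asa-2", 9024),            # port drifted
          "asa-3": sample_config("asa-3", 9023, False)}     # not participating

if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE):
        print(finding)
```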
If you have a remote-client configuration in which you are using two or more security appliances
connected to the same network to handle remote sessions, you can configure these devices to share their
session load. This feature is called load balancing. Load balancing directs session traffic to the least
loaded device, thus distributing the load among all devices. It makes efficient use of system resources
and provides increased performance and high availability.
Note Load balancing is effective only on remote sessions initiated with the Cisco VPN Client (Release 3.0 and
later), the Cisco VPN 3002 Hardware Client (Release 3.5 and later), or the ASA 5505 operating as an
Easy VPN Client. All other clients, including LAN-to-LAN connections, can connect to a security
appliance on which load balancing is enabled, but they cannot participate in load balancing.
Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)
——