Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 34 IKE
Load Balancing
Enable IPsec Encryption—Enables or disables IPsec encryption. If you select this check box,
you must also specify and verify a shared secret. The security appliances in the virtual cluster
communicate via LAN-to-LAN tunnels using IPsec. To ensure that all load-balancing
information communicated between the devices is encrypted, select this check box.
Note: When using encryption, you must have previously configured the load-balancing inside
interface. If that interface is not enabled on the load-balancing inside interface, you get an error
message when you try to configure cluster encryption.
If the load-balancing inside interface was enabled when you configured cluster encryption, but
was disabled before you configured the participation of the device in the virtual cluster, you get
an error message when you select the Participate in Load Balancing Cluster check box, and
encryption is not enabled for the cluster.
IPsec Shared Secret—Specifies the shared secret to use between IPsec peers when you have
enabled IPsec encryption. The value you enter in the box appears as consecutive asterisk
characters.
Verify Secret—Confirms the shared secret value entered in the IPsec Shared Secret box.
VPN Server Configuration—Configures parameters for this specific device.
Interfaces—Configures the public and private interfaces and their relevant parameters.
Public—Specifies the name or IP address of the public interface for this device.
Private—Specifies the name or IP address of the private interface for this device.
Priority—Specifies the priority assigned to this device within the cluster. The range is from 1
to 10. The priority indicates the likelihood of this device becoming the virtual cluster master,
either at start-up or when an existing master fails. The higher you set the priority (for example,
10), the more likely this device becomes the virtual cluster master.
Note: If the devices in the virtual cluster are powered up at different times, the first device to be
powered up assumes the role of virtual cluster master. Because every virtual cluster requires a
master, each device in the virtual cluster checks when it is powered up to ensure that the cluster
has a virtual master. If none exists, that device takes on the role. Devices powered up and added
to the cluster later become secondary devices. If all the devices in the virtual cluster are powered
up simultaneously, the device with the highest priority setting becomes the virtual cluster master.
If two or more devices in the virtual cluster are powered up simultaneously, and both have the
highest priority setting, the one with the lowest IP address becomes the virtual cluster master.
NAT Assigned IP Address—Specifies the IP address that this device’s IP address is translated
to by NAT. Enter 0.0.0.0 if NAT is not being used or if the device is not behind a firewall using
NAT.
Send FQDN to client—Check this check box to cause the VPN cluster master to send a fully
qualified domain name using the host and domain name of the cluster device instead of the
outside IP address when redirecting VPN client connections to that cluster device.
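The start-up master selection described in the Priority note above, modelled as an added example (not code from Cisco or from this guide). The `Device` fields, device names and timestamps are constructed for illustration, and the address used for the tie-break is assumed to be the one stored in `ip`.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Device:
    name: str        # hypothetical label, not an ASDM field
    ip: str          # address assumed to be the one compared in a tie
    priority: int    # Priority field, valid range 1-10
    power_up: float  # constructed timestamp (seconds) of power-up


def elect_master(devices):
    """Return the device that becomes virtual cluster master at start-up."""
    if not devices:
        raise ValueError("a virtual cluster needs at least one device")
    for d in devices:
        if not 1 <= d.priority <= 10:
            raise ValueError(f"{d.name}: priority {d.priority} is outside 1-10")
    # The first device powered up takes the role; later arrivals become
    # secondary devices whatever their priority, so only devices that
    # powered up at the same moment as the earliest one compete.
    first = min(d.power_up for d in devices)
    contenders = [d for d in devices if d.power_up == first]
    # Highest priority wins; a tie goes to the lowest IP address, compared
    # numerically (as strings, "10.0.0.10" would sort before "10.0.0.9").
    return min(contenders, key=lambda d: (-d.priority, ip_address(d.ip)))


# Constructed sample cluster: asa-c has the top priority but boots last.
STAGGERED = [
    Device("asa-a", "10.0.0.9", 3, power_up=0.0),
    Device("asa-b", "10.0.0.10", 7, power_up=12.0),
    Device("asa-c", "10.0.0.11", 10, power_up=45.0),
]
# Same devices after a site-wide power cycle: all come up together.
SIMULTANEOUS = [Device(d.name, d.ip, d.priority, 0.0) for d in STAGGERED]
# Two devices share the highest priority; the lower address wins.
TIED = [Device("asa-a", "10.0.0.9", 10, 0.0), Device("asa-b", "10.0.0.10", 10, 0.0)]

if __name__ == "__main__":
    for label, cluster in [("staggered", STAGGERED),
                           ("simultaneous", SIMULTANEOUS), ("tied", TIED)]:
        print(label, "->", elect_master(cluster).name)
```

In the staggered case the lowest-priority device holds the master role because it powered up first, which is why the priority setting alone does not determine which device is master.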
To enable Clientless SSL VPN load balancing using FQDNs rather than IP addresses, you must do the
following configuration steps:
Step 1 Enable the use of FQDNs for Load Balancing by checking the Send FQDN to client... checkbox.