Cisco VPN 2.0: Deploying High Availability Features in Cisco ASA VPNs

This course is included in our On-demand training solution.


Two of the most challenging requirements of VPNs are high availability and high performance. High availability ensures continuous operation even if one or more VPN servers fail. High performance enhancements are deployed to boost the system performance by alleviating the load that is placed on a single VPN server. This course discusses the methods of deploying high availability: redundant peering, active/standby failover, cluster load balancing, and server load balancing (SLB). This course explains the troubleshooting methods that can be employed to investigate high availability problems.

Target Audience

Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security designation. Cisco Network Security Engineers responsible for the selection, configuration, and the troubleshooting of the majority of Cisco ASA adaptive security appliance perimeter security features to reduce risk to IT infrastructure and its applications within their networking environments. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure, as well as working knowledge of the Microsoft Windows operating system. Candidates who have completed the Cisco Certified Network Associate (CCNA), the Cisco Certified Network Associate Security (CCNA Security), the Securing Networks with Cisco Routers and Switches (SECURE) v1.0, and the Deploying Cisco ASA Firewall Solutions (FIREWALL 2.0) Certifications.


Expected Duration

60 min.

Course Objectives

Deploying Redundant Peering

  • describe the high-availability options in SSL and IPsec VPNs
  • describe how to deploy redundant peering in full-tunnel VPNs
  • Deploying Cisco ASA Active/Standby Failover

  • identify the considerations for deploying active/standby failover for SSL and IPsec VPNs
  • Deploying Dynamic-Routing-Based VPN Failover

  • identify the steps to implement OSPF through an IPsec site-to-site tunnel
  • Deploying Cisco ASA VPN Clustering and SLB

  • identify the considerations for deploying Cisco ASA security appliance VPN clusters
  • describe how to provide high availability and high performance using an external SLB appliance
  • Troubleshooting Cisco ASA VPN Failover and Clustering

  • describe how to troubleshoot Cisco ASA security appliance VPN failover and load balancing