Chapter 63
Configuring IKE, Load Balancing, and NAC
Fields
• Set Name—Specifies a name for this transform set.
• Properties—Configures properties for this transform set. These properties appear in the Transform
  Sets table.
  – Mode—Shows the mode, Tunnel, of the transform set. This field shows the mode for applying
    ESP encryption and authentication; in other words, what part of the original IP packet has ESP
    applied. Tunnel mode applies ESP encryption and authentication to the entire original IP packet
    (IP header and data), thus hiding the ultimate source and destination addresses.
  – ESP Encryption—Choose the Encapsulating Security Payload (ESP) encryption algorithms
    for the transform sets. ESP provides data privacy services, optional data authentication, and
    anti-replay services. ESP encapsulates the data being protected.
  – ESP Authentication—Choose the ESP authentication algorithms for the transform sets.

Note
The IPsec ESP (Encapsulating Security Payload) protocol provides both encryption and
authentication. Packet authentication proves that data comes from whom you think it comes
from; it is often referred to as "data integrity."

Modes
The following table shows the modes in which this feature is available:

Firewall Mode              Security Context
Routed    Transparent      Single    Multiple: Context    Multiple: System
•         —                •         —                    —

Configuring Load Balancing
If you have a remote-client configuration in which you are using two or more adaptive security
appliances connected to the same network to handle remote sessions, you can configure these devices to
share their session load. This feature is called load balancing. Load balancing directs session traffic to
the least loaded device, thus distributing the load among all devices. It makes efficient use of system
resources and provides increased performance and high availability.

Note
To use VPN load balancing, you must have an ASA Model 5510 with a Plus license or an ASA Model
5520 or higher. VPN load balancing also requires an active 3DES/AES license. The security appliance
checks for the existence of this crypto license before enabling load balancing. If it does not detect an
active 3DES or AES license, the security appliance prevents the enabling of load balancing and also
prevents internal configuration of 3DES by the load balancing system unless the license permits this
usage.

The following sections explain load balancing:
• Eligible Clients
• Enabling Load Balancing

Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01