Remote Access VPN Design (Tips Tricks when VPN Gateways overloaded 😉
- VPN Load Balancing Configuration – “Load balancing is a mechanism for equitably distributing remote-access VPN traffic among the devices in a virtual cluster. It is based on simple distribution of traffic without taking into account throughput or other factors. A load-balancing cluster consists of two or more devices, one is the virtual master, and the other devices are the backup. These devices do not need to be of the exact same type, or have identical software versions or configurations.”
- Global Gateway Selection – “Optimal Gateway Selection (OGS) is a feature that can be used for  determining which gateway has the lowest RTT and connect to that  gateway. Using the Optimal Gateway Selection (OGS) feature, administrators can minimize latency for Internet traffic without user intervention. With OGS, AnyConnect identifies and selects which secure gateway is best for connection or reconnection.”
- Dynamic Split Tunneling – Love this feature, define which applications go out local internet pipe vs backhaul to VPN firewall. Easy way to take load off Headend VPN appliance.Â
- AnyConnect Management Tunnel – Feature introduced in 4.7, build an out of band tunnel that is always on and transparent to user. Sweet alternative to Always-On or Start before logon. Use this tunnel for updates, patches, remote support etc. Â
- Unsupported Features AnyConnect for FTD – trying to pick a headend firewall, make sure features you require are supported!
- Remote-Access-BestPractices – (Updated March 2020)
