https://community.checkpoint.com/t5/SASE-and-Remote-Access/2-Sites-with-same-VPN-domain-without-MEP/m-p/197810#M4394 <P>Hello team,</P><P>&nbsp;</P><P>We have primary VPN site for our VPN clients but we want some of them to use secondary.</P><P>Primary site and secondary site is managed by same SMS, they are connected over MPLS.&nbsp;</P><P>Primary site is cluster with 5600 and secondary is open server, they all run on latest R81.20 with HF26.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><SPAN>I tried disabling MEP and Secondary Connect but primary site is showing problems. Ill need to remove/add vpn site everytime to work. First time VPN will connect, and second time will immediately drop.</SPAN></P><P><SPAN>I have read this and pretty much i have same issue.</SPAN></P><P><SPAN><A href="https://community.checkpoint.com/t5/Remote-Access-VPN/Two-Gateways-Serving-the-Same-Encryption-Domain/td-p/178621" target="_blank">https://community.checkpoint.com/t5/Remote-Access-VPN/Two-Gateways-Serving-the-Same-Encryption-Domain/td-p/178621</A></SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>"trac_client_1.ttm" file edited on all GWs, example bellow is from Site1 GW.&nbsp;</P><P>)<BR />)<BR />:mep_mode (<BR />:gateway (<BR />:map (<BR />:dns_based (dns_based)<BR />:first_to_respond (first_to_respond)<BR />:primary_backup (primary_backup)<BR />:load_sharing (load_sharing)<BR />:client_decide (client_decide)<BR />)<BR />:default (primary_backup)<BR />)<BR />)</P><P>)<BR />)<BR />:ips_of_gws_in_mep (<BR />:gateway (<BR />:default (Site1externalIP1&amp;#Site1externalIP2&amp;#)<BR />)<BR />)</P><P>)<BR />)<BR />:automatic_mep_topology (<BR />:gateway (<BR />:map (<BR />:false (false)<BR />:true (true)<BR />:client_decide (false)<BR />)<BR />:default (false)<BR />)<BR />)</P><P>)<BR />)<BR />:enable_secondary_connect (<BR />:gateway (<BR />:map (<BR />:false (false)<BR />:true (true)<BR />:client_decide (client_decide)<BR />)<BR />:default (false)<BR />)<BR />)</P><P>&nbsp;</P><P>Have anyone manage to overcome this problem?</P><P>&nbsp;</P><P>Thx</P><P>&nbsp;</P> Mon, 13 Nov 2023 13:26:45 GMT Vladimir123 2023-11-13T13:26:45Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/2-Sites-with-same-VPN-domain-without-MEP/m-p/197810#M4394 <P>Hello team,</P><P>&nbsp;</P><P>We have primary VPN site for our VPN clients but we want some of them to use secondary.</P><P>Primary site and secondary site is managed by same SMS, they are connected over MPLS.&nbsp;</P><P>Primary site is cluster with 5600 and secondary is open server, they all run on latest R81.20 with HF26.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><SPAN>I tried disabling MEP and Secondary Connect but primary site is showing problems. Ill need to remove/add vpn site everytime to work. First time VPN will connect, and second time will immediately drop.</SPAN></P><P><SPAN>I have read this and pretty much i have same issue.</SPAN></P><P><SPAN><A href="https://community.checkpoint.com/t5/Remote-Access-VPN/Two-Gateways-Serving-the-Same-Encryption-Domain/td-p/178621" target="_blank">https://community.checkpoint.com/t5/Remote-Access-VPN/Two-Gateways-Serving-the-Same-Encryption-Domain/td-p/178621</A></SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>"trac_client_1.ttm" file edited on all GWs, example bellow is from Site1 GW.&nbsp;</P><P>)<BR />)<BR />:mep_mode (<BR />:gateway (<BR />:map (<BR />:dns_based (dns_based)<BR />:first_to_respond (first_to_respond)<BR />:primary_backup (primary_backup)<BR />:load_sharing (load_sharing)<BR />:client_decide (client_decide)<BR />)<BR />:default (primary_backup)<BR />)<BR />)</P><P>)<BR />)<BR />:ips_of_gws_in_mep (<BR />:gateway (<BR />:default (Site1externalIP1&amp;#Site1externalIP2&amp;#)<BR />)<BR />)</P><P>)<BR />)<BR />:automatic_mep_topology (<BR />:gateway (<BR />:map (<BR />:false (false)<BR />:true (true)<BR />:client_decide (false)<BR />)<BR />:default (false)<BR />)<BR />)</P><P>)<BR />)<BR />:enable_secondary_connect (<BR />:gateway (<BR />:map (<BR />:false (false)<BR />:true (true)<BR />:client_decide (client_decide)<BR />)<BR />:default (false)<BR />)<BR />)</P><P>&nbsp;</P><P>Have anyone manage to overcome this problem?</P><P>&nbsp;</P><P>Thx</P><P>&nbsp;</P> Mon, 13 Nov 2023 13:26:45 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/2-Sites-with-same-VPN-domain-without-MEP/m-p/197810#M4394 Vladimir123 2023-11-13T13:26:45Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/2-Sites-with-same-VPN-domain-without-MEP/m-p/197831#M4395 <P>You should not disable MEP, since both GWs have the same VPN domain. Use manual selection of the GW to connect, that's it, or Primary/backup option, if you want it to be automatic.</P> <P>&nbsp;</P> <P>No need to edit ttm files.</P> Mon, 13 Nov 2023 14:55:19 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/2-Sites-with-same-VPN-domain-without-MEP/m-p/197831#M4395 _Val_ 2023-11-13T14:55:19Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/2-Sites-with-same-VPN-domain-without-MEP/m-p/197969#M4396 <P>Hey Val,</P><P>&nbsp;</P><P>Enabled MEP in global/advanced configuration&nbsp;</P><P>Enabled manual MEP in client_1.ttm file on Site1 cluster GWs and Site2 GW&nbsp;</P><P>- automatic_map_topology set to false&nbsp;</P><P>-&nbsp;ips_of_gws_in_mep set to external IPs of each GWs</P><P>-&nbsp;mep_mode set to client_decide&nbsp;</P><P>I got same result. First time would connect to Site1 but rest of connection&nbsp;<SPAN>attempts&nbsp;</SPAN>will fail imidiattely.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 15 Nov 2023 07:55:54 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/2-Sites-with-same-VPN-domain-without-MEP/m-p/197969#M4396 Vladimir123 2023-11-15T07:55:54Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/2-Sites-with-same-VPN-domain-without-MEP/m-p/197973#M4397 <P>I suggest you open a TAC request for that. This normally should work out of the box without issues.&nbsp;</P> Wed, 15 Nov 2023 08:02:37 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/2-Sites-with-same-VPN-domain-without-MEP/m-p/197973#M4397 _Val_ 2023-11-15T08:02:37Z