heavysoul
Participant

Unable to access Azure cluster standby gateway via VPN

Hi Guys

 

I appreciate I'm probably missing something simple, but I'm unable to access a standby gateway (R80.30) from my on-prem management server (R80.30), via IPSec S2S VPN.

mgt svr > on-prem primary gateway (R80.20) > vpn > azure primary gateway > azure standby gateway

 

Can't SSH or browse to GAIA portal 

 

I can see traffic in tcpdump reaching the Azure primary gateway, but nothing coming back from the Azure standby gateway.

Tried 'fw ctl zdebug drop' on the Azure primary gateway - no output.

 

Could someone please assist me?

Many thanks in advance

 

0 Kudos
5 Replies
the_rock
Legend

What does traceroute show, where exactly is it failing? If you did zdebug on primary and you don't see anything for that specific IP, then it's possible that route is missing.

 

Andy

0 Kudos
dd84
Participant

I forget where it is, but there is an SK that outlines this. It's basically a ClusterXL limitation/feature :P.

0 Kudos
Henrik_Noerr1
Advisor

I agree with dd84 - this is not supported. So no possibility for RADIUS auth to on-prem servers either.

We access the primary and secondary node over the public IP addresses given. VPN is only used for application traffic.

0 Kudos
vinceneil666
Advisor

Could we get some kind of workaround utilizing a loopback interface on each of the nodes? Grabbing some IPs that are transported in the VPN and then doing a UDR for those specifically? (I have never tested this myself)

0 Kudos
Douglas_Rich
Contributor

Is this, inability to access standby member over S2S VPN, still a limitation with R81.10 JHF Take_66? 

0 Kudos
