Unable to access Azure cluster standby gateway via VPN
Hi Guys
I appreciate I'm probably missing something simple, but I'm unable to access a standby gateway (R80.30) from my on-prem management server (R80.30) via IPSec S2S VPN.
mgt svr > on-prem primary gateway (R80.20) > vpn > azure primary gateway > azure standby gateway
Can't SSH or browse to the GAIA portal.
I can see traffic in tcpdump reaching the Azure primary gateway, but nothing coming back from the Azure standby gateway.
Tried 'fw ctl zdebug drop' on the Azure primary gateway - no output.
Could someone please assist me?
Many thanks in advance
What does traceroute show, where exactly is it failing? If you did zdebug on the primary and you don't see anything for that specific IP, then it's possible that the route is missing.
Andy
I forget where it is, but there is an SK that outlines this. It's basically a ClusterXL limitation/feature :P.
I agree with dd84 - this is not supported. So no possibility for RADIUS auth to on-prem servers either.
We access the primary and secondary node over the public IP addresses given. VPN is only used for application traffic.
Could we get some kind of workaround utilizing a loopback interface on each of the nodes? Grabbing some IPs that are transported in the VPN and then doing a UDR for those in specific? (I have never tested this myself)
Is this inability to access the standby member over S2S VPN still a limitation with R81.10 JHF Take_66?