cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Alex_Gilis
Copper

VSX - Remote access on multiple VS

OK so a customer is having this scenario:

due to a merger, we have configured one new virtual firewall (vfw-xyz) that will also be used for the sub-company’s suppliers to connect via SSL Network Extender.

We configured SNX on this new firewall (vfw-xyz) and added it to the Remote Access community (so now the OLD vpn firewall (vfw-abc) and the new firewall (vfw-xyz) are part of the 1 default Remote Access community). A few days later we noticed that remote access on the OLD firewall (vfw-abc) stopped working. We removed the new one (vfw-xyz) from this community and now remote access works on BOTH gateways.

So here our questions:

1) Is this behavior expected? In other words: can only 1 GW be used in the Remote access community?

2) How come remote access now works on the 2 GWs even though only one of them is a member of the Remote Access community?

We thought of editing the MEP file, but it was confirmed by TAC that on VSX, there is only one that is shared by all systems. It's a specific case I never encountered before, I wondered iof the community had experience in this?

3 Replies
Admin
Admin

Re: VSX - Remote access on multiple VS

Pretty sure you can put multiple VSes (or gateways) in the default RemoteAccess community.

That said, it seems odd that it "works" with a VS that isn't in the RemoteAccess community.

TAC should probably be engaged to troubleshoot this.

0 Kudos
Alex_Gilis
Copper

Re: VSX - Remote access on multiple VS

Hi Dameon,

Thanks for the reply. I come here after contacting TAC, which suggests it's a VSX limitation.

I can only have one MEP definition file shared between all VS.

0 Kudos
Philip_W
Iron

Re: VSX - Remote access on multiple VS

Our customer has the exact same issue.

TAC told us to look at sk75221 and change a MEP parameter. Does not make sense if you ask me.

Indeed looks like a limitation...

0 Kudos