Hi Guys
I have been experiencing strange VPN client (E82.40) behaviour recently, following the addition of a new interface in my topology.
I have 2 x 5600 (R80.20) gateway clusters - primary and backup site.
I have a single VPN domain across both sites.
Endpoint Connect VPN clients (on W10) have been connecting to the primary site fine, all good.
Following the above change, clients:
1) started connecting to the backup site at random
2) had proxy settings on the client machines overwritten
3) got a certificate warning when connecting to the backup site
I have disabled MEP via dbedit, but connections to the backup site still continue.
I have checked the MEP settings in each of the 4 gateway TTM files - all are configured as follows: -
A)
:automatic_mep_topology (
:gateway (
:map (
:false (false)
:true (true)
:client_decide (client_decide)
)
:default (true)
B)
:mep_mode (
:gateway (
:map (
:dns_based (dns_based)
:first_to_respond (first_to_respond)
:primary_backup (primary_backup)
:load_sharing (load_sharing)
:client_decide (client_decide)
)
:default (client_decide)
)
C)
:ips_of_gws_in_mep (
:gateway (
:default (client_decide)
I have checked the proxy settings for each TTM file and see my primary site gateway is configured: -
:do_proxy_replacement (
:gateway (
:default (false)
However my backup site gateway is configured: -
:do_proxy_replacement (
:gateway (
:default (client_decide)
Q - From the MEP config above, am I correct in assuming the client is deciding which gateway to connect to?
Q - From the proxy config above, am I correct to assume that once clients connect to the backup site gateway, proxy settings are being overwritten/changed?
Q - Can someone confirm whether there is further config I require to create a primary/backup VPN solution where clients will connect only to the primary site as long as it is available, with the backup site available to make connections should the primary fail?
Any help greatly appreciated!
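An added example, not part of the original post: a small Python parser for the nested ":name ( ... )" syntax shown in the TTM fragments above, used to list every parameter whose :gateway :default differs between gateways, which is the kind of mismatch the post describes for do_proxy_replacement. The sample contents and the gateway labels "primary" and "backup" are constructed from the post's fragments with the parentheses closed, and the parser assumes values contain no spaces or quotes.

```python
import re
# Constructed samples modelled on the post's fragments, parentheses closed.
PRIMARY = """
:mep_mode (
    :gateway (
        :map ( :primary_backup (primary_backup) :client_decide (client_decide) )
        :default (client_decide)
    )
)
:do_proxy_replacement ( :gateway ( :default (false) ) )
"""
BACKUP = PRIMARY.replace(":default (false)", ":default (client_decide)")

def parse(text):
    """Turn ':name ( ... )' nesting into dicts; a leaf becomes its bare value."""
    tokens = re.findall(r":\w+|[()]|[^\s():]+", text)
    pos = 0
    def block():
        nonlocal pos
        node = {}
        while pos < len(tokens) and tokens[pos].startswith(":"):
            name = tokens[pos][1:]
            if tokens[pos + 1:pos + 2] != ["("]:
                raise ValueError(f"expected '(' after :{name}")
            pos += 2
            if pos < len(tokens) and tokens[pos][0] not in ":()":
                node[name] = tokens[pos]      # leaf value
                pos += 1
            else:
                node[name] = block()          # nested entries
            if tokens[pos:pos + 1] != [")"]:
                raise ValueError(f"unclosed '(' after :{name}")
            pos += 1
        return node
    tree = block()
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return tree

def default_diffs(files):
    """Return {parameter: {gateway: default}} where the gateways disagree."""
    per_gw = {}
    for gw, text in files.items():
        per_gw[gw] = {p: b["gateway"]["default"] for p, b in parse(text).items()
                      if isinstance(b, dict) and isinstance(b.get("gateway"), dict)
                      and "default" in b["gateway"]}
    rows = {p: {gw: d.get(p, "<missing>") for gw, d in per_gw.items()}
            for p in sorted(set().union(*per_gw.values()))}
    return {p: r for p, r in rows.items() if len(set(map(str, r.values()))) > 1}
```

Calling default_diffs with one entry per gateway's file contents returns only the parameters that are not identical everywhere; a fragment with unbalanced parentheses raises ValueError instead of being compared.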