MEP and SNX Load Balance on Azure
This is a set of videos showing how to configure a VMSS to be the hub of a C2S VPN by using MEP for IPsec clients and Azure LB for SNX (clientless VPN).
This was done manually in the first video; then I worked on a bash script, launched by the CME (so it can also work on an AWS ASG), that does the whole manual process by itself, so we only need to choose how many gateways we want to terminate the VPN.
The code is here:
https://github.com/christiancastilloporras/sslvpncme
SPECIAL THANKS TO RYAN DARST!
Video of the manual way (described in the attached doc)
Video showing the automation by bash scripting
Thank you for creating these procedures. I have a question specific to the IPSec VPN client and the Scale Sets. Is there a way to gracefully bring down one of the VMs created in the Scale Set without impacting connected VPN clients? If you spin up a new VM in the scale set and manually configure it, it will immediately start accepting VPN client connections. But what if we wanted to scale one of the VMs down (or, say, wanted to apply a hotfix)? Is there a way to prevent the gateway from accepting any new connections so that it could be patched or removed from the scale set when the VPN client connections get down to 0? We did some initial tests and the VPN client connections do not appear to be stateful across the load balancer. So when the gateway I was connected to was taken out of service, my VPN connection was dropped.
MEP is not a cluster so it's expected to not have sync on the sessions.
Until now I'm still thinking about those scale-in events. The solution was provided to a customer in this way, and he agreed to monitor the GWs, destroy the least used one, and apply policy to make it disappear from the client list.
Thank you @ChristianCastil for the very informative video. Can I please ask a few questions:
Is Azure Traffic Manager required to achieve geo load balancing? I see the option of dns_based under MEP, as we want the option of EMEA users logging in to the EMEA region and US users to the US region. In the endpoint client we have both of the regional scale sets (4 VMs in total). Does this mean the client will resolve to the scale set based on proximity and connect?
Is it possible to have a larger office mode network than the default /24, such as a /16?
Is it possible to use IP pool NAT in Azure instead of just hiding all traffic behind eth1 of the gateway? If so, how do we register the IPs in the Azure environment? If not, I am worried about NAT port exhaustion given 1000s of users accessing the same internal website etc.
