Will the network location awareness setting "Interface-topology-based" work for any internal interface of any gateway in the remote access VPN community?
For example, let's say there are 2 GWs:
GW A is in the HQ in NY
GW B in a branch office somewhere else
GWs A and B are both in the remote access VPN community and the network location awareness setting "Interface-topology-based" is used. A user in the branch office has the Endpoint Security VPN client (with "auto-connect" enabled) installed. Will his client establish a VPN tunnel to GW A through GW B?
Hi @Benedikt_Weissl,
Multiple Entry Point (MEP) is a feature that provides a High Availability and Load Sharing solution for VPN connections. A Security Gateway on which the VPN module is installed provides a single point of entry to the internal network. It is the Security Gateway that makes the internal network "available" to remote machines. If a Security Gateway should become unavailable, the internal network, too, is no longer available. A MEP environment has two or more Security Gateways both protecting and enabling access to the same VPN domain, providing peer Security Gateways with uninterrupted access.
You can use the following MEP selection methods for explicit MEP:
- first to respond > The first Security Gateway to reply to the peer Security Gateway is chosen.
- VPN domain > If the destination IP address belongs to a particular VPN domain, the Security Gateway of that domain becomes the chosen entry point.
- random selection > The remote peer randomly selects a Security Gateway with which to open a VPN connection.
- manually set priority list > Priorities of Security Gateways can be set manually for the entire VPN community, or for individual satellite Security Gateways.