Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

SSL Network Extender Issue

Hi team,

I am having a random issue with remote users connected to the RemoteAccess vpn.

Remote users can login to the portal and the office mode IP assigns correctly. We do not know why some times users cannot access the resource. When connections are being dropped logs show: "Drecipted and user method are not identical (vpn error code 1). It seems like that the gateway is identifying the users connections as a Site-to-Site communication from one of our peer gateways even when the encryption domains are not the same. 

This issue is presenting since we upgraded to R80.20.

So, we have some questions...

Do we need to configure static routes in the customer switch core?

We have a clusterXL HA deployment and different office mode segments are configured in the cluster members. We have detected that only with one member the issue is presenting. Do we need to use the same office mode pool in both cluster members?

 

Regards.

 

 

 

 

 

0 Kudos
Reply
2 Replies
Highlighted
Admin
Admin

Cluster members should be configured to use the Office Mode addresses.
Also your core routers/switches will likely need routes for the Office Mode addresses to point at the gateway, particularly if the default route doesn't go through the Security Gateway.
Highlighted
Leader
Leader

Gabriel,

if you had ClusterXL HA you can define the same office-mode network on both members.

As Dameon wrote, this office mode network need to be routed to your cluster.

Wolfgang

PS.: It is always a good idea to get the office mode IPs from an internal DHCP server