ERTK
Contributor

VPN remote access mab against cluster with only private address

Hi,

A customer had a cluster with only private-range addresses.

On this cluster it had VPN remote access configured, with NAT done on the ISP provider.

Recently they needed to move NAT from the ISP to this cluster... but the client cannot reach it.

Is it possible to make this cluster also do this kind of NAT (a public interface is not configured on this cluster, but the ISP provider routes one public IP address for that purpose)?

0 Kudos
8 Replies
G_W_Albrecht
Legend

If the ISP routes a public IP to a cluster, the cluster needs a WAN interface with that public IP that also should be part of the Remote Access community.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
ERTK
Contributor

I understand. Maybe creating a cluster interface with this public IP address as a VIP... and configuring rules and VPN link selection could be it.

 

0 Kudos
G_W_Albrecht
Legend

Otherwise, the cluster will not feel responsible for this public IP...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
ERTK
Contributor

I just created a dummy cluster interface with this public IP address as the VIP of this dummy... it is an internal interface... it means that the traffic must come in through the current transport interface between the ISP provider and this cluster.

The VPN client connects, but... after a few minutes it disconnects.

0 Kudos
G_W_Albrecht
Legend

AFAIK this cannot work with an internal interface. Look into the GW and RA client logs to see the reason the connection is lost!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
ERTK
Contributor

Sorry, the interface is configured as external in the topology... I want to say that this interface is behind the firewall in the flow...

0 Kudos
G_W_Albrecht
Legend

Should be the external/WAN VIP interface of the cluster according to the Remote Access Admin Guide. I would suggest contacting TAC as there may be a special config making this possible.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
ERTK
Contributor

I'll do. Thanks

 

0 Kudos
