Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

office mode network/clusterXL HA/SSLVPN/network extender

Jump to solution

With ClusterXL HA (active/standby) RE: office mode network for SSLVPN (network extender mode) - Is it recommended to define one OM network for each member in the cluster (a seperate network for each member)?   Or is it recommended/required to have one office mode network defined (the same one) and configured one each member?  My guess is with HA, they'll be using one gw or the other so it's preferred to define the same network.

0 Kudos
2 Solutions

Accepted Solutions
Highlighted
Platinum

Only one OfficeMode (MAB?) subnet for the whole SSLVPN NetX VPN Users - no need to create multiply OM subnets really. I don't get your point how HA is relevant to this ... have you ever used HA in Active/Passive mode before?

You know what VMAC stands for? or VIP on each "clusterred" interface? You don't need to worry about multiply OM subnets. Just make one, add to the config. and off you go Smiley Happy

Jerry

View solution in original post

0 Kudos

Per  case  6-0001647364

We are both right.  For Active/Active two sepeate ip pools are recommended.  For active/standby the same pool can be used on both nodes.
 
Each node what has been assigned, they are in sync.

View solution in original post

0 Kudos
4 Replies
Highlighted
Platinum

Only one OfficeMode (MAB?) subnet for the whole SSLVPN NetX VPN Users - no need to create multiply OM subnets really. I don't get your point how HA is relevant to this ... have you ever used HA in Active/Passive mode before?

You know what VMAC stands for? or VIP on each "clusterred" interface? You don't need to worry about multiply OM subnets. Just make one, add to the config. and off you go Smiley Happy

Jerry

View solution in original post

0 Kudos
Highlighted

Office Mode addresses can be allocated from an IP pool or by a DHCP server. If addresses are allocated from an IP pool, a separate IP pool must be defined for every cluster member. This prevents the allocation of the same IP address to different clients simultaneously.

I assume I route these to my INT-VIP IP, not the respective gws.

0 Kudos

Per  case  6-0001647364

We are both right.  For Active/Active two sepeate ip pools are recommended.  For active/standby the same pool can be used on both nodes.
 
Each node what has been assigned, they are in sync.

View solution in original post

0 Kudos
Highlighted
Pearl

If you are assigning Office Mode IPs from the Pool, it makes sense to split it in two and serve half from each cluster member in HA configuration.

The reason for this is that if one of the unit has leased the IP to the client and then the failover has occurred, no duplicate IPs will be leased.

 

0 Kudos