This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Daniel_Kavan
Collaborator
‎2019-02-28 06:56 AM

office mode network/clusterXL HA/SSLVPN/network extender

Jump to solution

With ClusterXL HA (active/standby) RE: office mode network for SSLVPN (network extender mode) - Is it recommended to define one OM network for each member in the cluster (a seperate network for each member)?   Or is it recommended/required to have one office mode network defined (the same one) and configured one each member?  My guess is with HA, they'll be using one gw or the other so it's preferred to define the same network.

0 Kudos
Reply
2 Solutions

Accepted Solutions
Jerry
Leader
Leader
‎2019-02-28 08:47 AM

Jump to solution

Only one OfficeMode (MAB?) subnet for the whole SSLVPN NetX VPN Users - no need to create multiply OM subnets really. I don't get your point how HA is relevant to this ... have you ever used HA in Active/Passive mode before?

You know what VMAC stands for? or VIP on each "clusterred" interface? You don't need to worry about multiply OM subnets. Just make one, add to the config. and off you go Smiley Happy

Jerry

View solution in original post

0 Kudos
Reply
Daniel_Kavan
Collaborator
‎2019-05-23 08:25 AM
In response to Daniel_Kavan

Jump to solution

Per  case  6-0001647364

We are both right.  For Active/Active two sepeate ip pools are recommended.  For active/standby the same pool can be used on both nodes.
 
Each node what has been assigned, they are in sync.

View solution in original post

0 Kudos
Reply
4 Replies
Jerry
Leader
Leader
‎2019-02-28 08:47 AM

Jump to solution

Only one OfficeMode (MAB?) subnet for the whole SSLVPN NetX VPN Users - no need to create multiply OM subnets really. I don't get your point how HA is relevant to this ... have you ever used HA in Active/Passive mode before?

You know what VMAC stands for? or VIP on each "clusterred" interface? You don't need to worry about multiply OM subnets. Just make one, add to the config. and off you go Smiley Happy

Jerry

View solution in original post

0 Kudos
Reply
Daniel_Kavan
Collaborator
‎2019-05-22 11:01 AM
In response to Jerry

Jump to solution

Office Mode addresses can be allocated from an IP pool or by a DHCP server. If addresses are allocated from an IP pool, a separate IP pool must be defined for every cluster member. This prevents the allocation of the same IP address to different clients simultaneously.

I assume I route these to my INT-VIP IP, not the respective gws.

0 Kudos
Reply
Daniel_Kavan
Collaborator
‎2019-05-23 08:25 AM
In response to Daniel_Kavan

Jump to solution

Per  case  6-0001647364

We are both right.  For Active/Active two sepeate ip pools are recommended.  For active/standby the same pool can be used on both nodes.
 
Each node what has been assigned, they are in sync.

View solution in original post

0 Kudos
Reply
Vladimir
Champion
Champion
‎2019-05-23 09:54 AM
In response to Daniel_Kavan

Jump to solution

If you are assigning Office Mode IPs from the Pool, it makes sense to split it in two and serve half from each cluster member in HA configuration.

The reason for this is that if one of the unit has leased the IP to the client and then the failover has occurred, no duplicate IPs will be leased.

 

0 Kudos
Reply