AnsweredAssumed Answered

Change of Firewall Public IP and Endpoint Security VPN

Question asked by Jan Kleinhans on Feb 20, 2018
Latest reply on Mar 22, 2018 by Jan Kleinhans

Hello,

 

we have to change our WAN IP.

How do we configure the distributed Endpoint Security VPN-Clients?

I have tried to use the options:

enable_gw_resolving = true

automatic_mep_topology="false"

mep_mode="dns_based"

 

and changed the dns entry for our site but it always connects to the old IP and do not try to establish a link to the new ip.

 

Another try where it seems to work is,

enable_gw_resolving = true

automatic_mep_topology="false"

mep_mode="primary_backup"

ips_of_gws_in_mep="ip_old&#ip_new&#"

 

This seems to work (tried routing the old ip to blackhole and see connections to the new ip). But how do I get the configuration to clients not connecting frequently.

Is the only way to publish a new client with a new configuration?

The problem is, that we have 2 different authentication methods configured. If we deploy a new client with a new configuration, the users have to manualy change the authentication method.

I tried to run "trac.exe update" from inside the network. But it only says that the ressources are already available an does not update its configuration from trac_default.ttm.

 

Has anybody that migrated to another ip with Endpoint Security Clients a tip?

 

Greetings,

 

Jan

Outcomes