Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
abihsot__
Advisor

VPN topology update

Hi there,

Does anyone have this thing working? Maybe I am missing something, but for me it doesn't work.

1. Connect to VPN

2. Add new network to encryption domain

3. Install the policy

4. Wait for couple of hours

5. Try accessing newly added network - FAIL

 

Obviously if I disconnect/connect I can access new network.

 

Gateway R80.40 JHF125

 

topo.JPG

 

If I read it right, no additional settings needed and it should work out of the box.

Topology updates are downloaded to the client on a regular basis. In this way, the client is always aware of changes made in the network behind the gateway. Determine the frequency with which updated site details are downloaded to the client. By default, this takes place once a week but the value can be changed in the Hours box. In addition, determine whether this update occurs automatically or only when the SecuRemote/SecureClient starts.

0 Kudos
7 Replies
mcatanzaro
Employee
Employee

Hi,

This feature is legacy and no longer works with new clients from how I understand it. 

See sk152073 

0 Kudos
abihsot__
Advisor

ufff... Probably better not ask why this is still there in SmartConsole 🙂

Any other way to configure the same functionality? Maybe some setting exist on endpoint client? 

0 Kudos
mcatanzaro
Employee
Employee

It doesn't show in R81.10 SMC global properties so it has been removed in newer versions. 

I'm not aware of any other settings that can be be configured to mimic that feature.

Reauthentication or starting a new connection will fetch it though.

0 Kudos
the_rock
Legend
Legend

Also, IF any of interfaces changed, make sure to update interfaces WITHOUT topology in dashboard as well.

0 Kudos
K_montalvo
Advisor

Im taking a bet here but maybe you could establish a Site To Site IP SEC and inside the tunnel run internal BGP. You could try to lab it and see if its works, the other thing maybe is an auto reconnect option on the client VPN side and a script that every 1+ disconnect the clients (dirty method since possibly would be reporting disconnecting) maybe instead using 1 hours use 12 agaqin im kind of guessing here, never had donde this before except with the BGP part but not with CP.

0 Kudos
abihsot__
Advisor

Thanks for a suggestion, but disconnect/connect would be annoying as we use MFA. 

0 Kudos
K_montalvo
Advisor

ok NP

0 Kudos