Re: Cluster problem SA 6500

SSL VPN DESTEK_ · ‎01-18-2014

Hi all,

Today active have access to the device has been lost, but the backup device does not work.

The working principle of active / passive

active device name: IDC-INT-VPN-02 , ip adress:172.30.25.14 (not working)

passive device name: IDC-INT-VPN-01 , ip adress:172.30.25.13 (is working)

How can solutions ? I can not vpn service.

Thank you for your help in this matter.

Red1_ · ‎05-26-2009

your VPN service is running on IDC-INT-VPN2 , are you able to connect vpn from client with the actual config?

if you click failover VIP , you will change which member will own VIPs (Virtual IP : Internal/external)

Please read the below link that may help you to troubleshoot your cluster

https://www.juniper.net/techpubs/en_US/sa7.4/topics/reference/general/secure-access-clustering-troub...

Regards

Red1

if this worked for you, kindly help other visitors/members of our community by tagging this post as "Accepted Solution".
Kudos are good way of appreciation.
-------------
Red1
JNCIE-SEC #158, JNCIS- ( FWV, SA, AC )

jayLaiz_ · ‎11-25-2009

HI,

Connect console cable to 02 node, check the output

Navigate to clustering status and try clicking failover VIP.

Regards,

Jay

dcns-sa-prg_ · ‎09-04-2012

Hi,

I recommend to upgrade to last 7.1r17 version. We had many cluster issues with a lower version.

Red1_ · ‎01-18-2014

Hi

Could you please post the software version installed on your SA plaftorm

Please check the below link :

http://www.juniper.net/techpubs/en_US/sa8.0/topics/concept/secure-access-clustering-license-informat...

Regards

Red1

SSL VPN DESTEK_ · ‎01-18-2014

System Version
7.1R4 (build 19243)

License information:

There is no problem in the licenses....

Installed license details:

Maximum Concurrent Users: 1500

	IDC-INT-VPN-01 - (1500 users , 1000 cluster users ) Licensing Hardware ID: 0241MGXXX0OMX1XX	4 licenses
1.	Add 1000 simultaneous users to SA 6500 Key: motor waltz tassel clip profit melody molecule	Permanent
2.	Add 500 simultaneous users to SA 6500 Key: mountain cage tower clip radio pinwheel roof	Permanent
3.	Clustering: Allow 1000 additional users to be shared from another SA 6500 Key: motor cookie molding heat pizza shield molecule	Permanent
4.	Instant Virtual System for SA 6500 Key: rate banquet picture title turf shield papaya	Permanent
	IDC-INT-VPN-02 - (1500 cluster users ) Licensing Hardware ID: 0241MUXXX0OQX1XX	2 licenses
1.	Clustering: Allow 1000 additional users to be shared from another SA 6500 Key: book delegate wedge tofu trolley meaning raft	Permanent
2.	Clustering: Allow 500 additional users to be shared from another SA 6500 Key: vigor jaw location defense poplar picture speaker	Permanent

Red1_ · ‎01-18-2014

Ok , let's discuss the original issue which is the clustering issue , as you can see in the logs , you have a flapping between your SA devices , as they is many messages kind of node unreachable , node reachable in your system logs ,

did you try to failover the VIP to the second device which you said is working ,

did you check the internal link (connected to internal NICs) for both nodes to make sure the fallaping is not due to cabling.

could you please post screenshot of cluster status (Menu clustering --> Cluster status)

Regards

SSL VPN DESTEK_ · ‎01-18-2014

Hi Red1,

Thanking you in advance what is failover VIP ? , What does it do failover VIP ?

I did not know what to failover without making sure you do not want to try.

Cluster status is attached.

Thank you for your help in this matter.

SSL VPN DESTEK_ · ‎01-18-2014

by the way device "IDC-INT-VPN-02" in no wise no access ( 172.30.25.14 no ping ,no tracert etc.....))

TURKTELEKOM

SSL VPN DESTEK_ · ‎01-18-2014

No, I can not service

Thousands of people can not vpn connection.

For example:

https://sslvpn.example.com/vpn

sign page not found error 404

In addition, you have stated I'm looking above link.

Yours sincerely.

TURKTELEKOM