Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SA4000 cluster and NC

SOLVED
Go to solution
Dimitry_
Not applicable
‎03-17-2008 02:13:AM
‎03-17-2008 02:13:AM

SA4000 cluster and NC

hey all,

got a pair of SA4000 in A/P mode and IVS's.

when a client using a NC and failover accoures, the NC is reconnecting but no traffic is passing,

not even when signing in again, only when failing over again traffic is passing

i read the admin guide that i should use IP FILTERS but there's a * which mean that everything is passing

i'm using 6.0r3.1

please help

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
player_
Frequent Contributor
‎03-17-2008 11:02:AM
‎03-17-2008 11:02:AM

Re: SA4000 cluster and NC

issue solved,

for each node in the cluster a NC ip pool must be configured in the IVS - per node not per cluster!

now when a client connects using NC it gets an ip address from the active node and when a failover occures

the NC status is reconnecting and getting a new ip address from the new active node :-)

player

Message Edited by player on 03-17-2008 11:04 AM

View solution in original post

0 Kudos
7 REPLIES 7
Kifah_
Occasional Contributor
‎03-17-2008 08:01:AM
‎03-17-2008 08:01:AM

Re: SA4000 cluster and NC

Hello Dimitry,

maybe you have an routing issue.

Is the IP-Pool, which you are use for your NC-client, in the same subnet as the internal NIC's from your SA's?

If not i think that you have a routing entry, for this Pool, on the next hop which points to the first SA. In this case the back route can't work after an fail-over.

The IP-Filters on the SA are used therefor that you can have differnet IP-Pools on each SA. Then you can use differnet routes for each pool.

Greetings

Kifah

0 Kudos
ben_
Frequent Contributor
‎03-17-2008 08:12:AM
‎03-17-2008 08:12:AM

Re: SA4000 cluster and NC

Where should the last hop's route poin to? the internal VIP of the IVE?

If the IVE would support RIP / OSPF such things would be easier...

Message Edited by ben on 03-17-2008 04:14 PM
0 Kudos
player_
Frequent Contributor
‎03-17-2008 11:02:AM
‎03-17-2008 11:02:AM

Re: SA4000 cluster and NC

issue solved,

for each node in the cluster a NC ip pool must be configured in the IVS - per node not per cluster!

now when a client connects using NC it gets an ip address from the active node and when a failover occures

the NC status is reconnecting and getting a new ip address from the new active node :-)

player

Message Edited by player on 03-17-2008 11:04 AM
0 Kudos
ben_
Frequent Contributor
‎03-19-2008 12:52:AM
‎03-19-2008 12:52:AM

Re: SA4000 cluster and NC

May the pool be the same then?

E.g. if you map an IP to a user via Radius attribute

0 Kudos
player_
Frequent Contributor
‎03-20-2008 10:45:PM
‎03-20-2008 10:45:PM

Re: SA4000 cluster and NC

Absolutly not!!

Doing this will crash the NC engine !!

It's is imperative to assign diffrent ip pool from the centeral NC pool that is configured in global IVS configuration when creating it's vlan,prefix url etc.

0 Kudos
MaxCere_
Not applicable
‎12-11-2012 01:27:AM
‎12-11-2012 01:27:AM

Re: SA4000 cluster and NC

This is an old discussion. Now in a A/P design you can use the same NC IP Pool on both the cluster memeber.

0 Kudos
zanyterp_
Respected Contributor
‎12-27-2012 02:50:PM
‎12-27-2012 02:50:PM

Re: SA4000 cluster and NC

As long as your internal routes continue to point to the internal VIP for the Network Connect IP pool, yes, the shared pool is great
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.