cancel
Showing results for 
Search instead for 
Did you mean: 

SA4500 - IVS Cluster - Default VLAN issue with Network Connect - Bug or by design?

gamer004_
Contributor

SA4500 - IVS Cluster - Default VLAN issue with Network Connect - Bug or by design?

We have a SA4500 cluster running with IVS license running on 6.5R5. We have customers in IVS using NC only. We have shared authentication server on out MSP network. Server can be accessed through the internal port . When we make internal port the default VLAN in IVS, the SA connects to the shared auth server with the internal ports IP address ( that's what we want). However, enduser NC traffic for the IVS also ends up in the internal port instead of the IVS ( Unwanted; seen with TCP dump). Published apps / services do not appear in internal port but in IVS(?). So issue only with NC, not with reverse proxy.

when we make the IVS vlan the default vlan, the shared authentication server is accessed with the IVS ip address. This is an unwanted festure because than we have to perform NAT / routing for customer addresses on our MSP network.

So bottom line: Is this NC traffic ending up in the internal port network when default VLAN is internal port a bug or by design? We think it is not implemented correctly.

Ideas anyone?

1 REPLY 1
gamer004_
Contributor

Re: SA4500 - IVS Cluster - Default VLAN issue with Network Connect - Bug or by design?

To answer my own question ( we created a case for this a while ago). I hope this helps other IVS users with the same issue:

You can set the default VLAN to the internal port . Use the VLAN select box in the role options of NC ( inside your IVS). Select the customer VLAN for the role, then it works.

The MSP authentication traffic goes into the default VLAN (MSP) and the customer NC traffic goed into the IVS.