
SSL VPN Cluster pair SOW

lushan.jayawardh
Occasional Contributor

Hi

I have two cluster pairs of SA6500 for SSL, one in the primary and the other at DR. I have global load balancers for advertising the URL in both sites. The SA 6500s are in a DMZ of the firewall, connecting with the external port, and the internal port is connecting to the internal FW.

Can someone tell me a high-level statement of work for this?

Cheers

3 REPLIES
zanyterp_
Respected Contributor

Re: SSL VPN Cluster pair SOW

If you are load balancing with DNS, as it sounds like you are doing, it is not supported and will probably not work.

If your load balancer is set to source IP sticky, however, this should work. Users should be able to connect to whichever device as directed by the load balancer; the data will CONTINUE to be sent to the same unit. If you use DNS-based load balancing/round-robin load balancing, it will fail as there is no guarantee of connecting to the same unit for the duration of your session.

lushan.jayawardh
Occasional Contributor

Re: SSL VPN Cluster pair SOW

Hi Zanyterp

I'll be using F5 GTMs and LTM for traffic management. Why are you saying this will not work? Can you please elaborate on your answer so that it will help me to identify the issues?

Cheers

Lushan

zanyterp_
Respected Contributor

Re: SSL VPN Cluster pair SOW

Sorry, I missed your response.

Round-robin/DNS load balancing sends users to any one of your IVEs, regardless of whether there is a session or not. When the session is sent to the wrong IP, the receiving IVE drops the connection, as it should.
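The behaviour described in the replies above, as an added simulation that is not part of the original thread or of any vendor's code: two units each keep their own session table, and the same clients are dispatched once by round-robin and once by source-IP stickiness. The `Unit` class, the cookie format and the client addresses are constructed assumptions for illustration.

```python
import hashlib
from itertools import cycle

# Constructed sample clients (documentation address range).
CLIENTS = ["198.51.100.10", "198.51.100.11", "198.51.100.12"]

class Unit:
    """Hypothetical stand-in for one VPN unit with a local session table."""
    def __init__(self, name):
        self.name = name
        self.sessions = set()

    def handle(self, client_ip, cookie):
        # First request: log in and create a session on this unit only.
        if cookie is None:
            cookie = f"{self.name}:{client_ip}"
            self.sessions.add(cookie)
            return cookie, True
        # Later requests: accepted only if this unit owns the session.
        return cookie, cookie in self.sessions

def round_robin(units):
    """DNS-style rotation: the next unit in turn, whoever is asking."""
    rotation = cycle(units)
    return lambda client_ip: next(rotation)

def source_ip_sticky(units):
    """Source-IP persistence: the same client always maps to the same unit."""
    def pick(client_ip):
        digest = hashlib.sha256(client_ip.encode()).digest()
        return units[digest[0] % len(units)]
    return pick

def simulate(make_picker, clients, requests_per_client=4):
    """Return how many requests reached a unit that did not own the session."""
    units = [Unit("primary"), Unit("dr")]
    pick = make_picker(units)
    cookies = {c: None for c in clients}
    dropped = 0
    for _ in range(requests_per_client):
        for c in clients:
            cookies[c], accepted = pick(c).handle(c, cookies[c])
            if not accepted:
                dropped += 1
    return dropped

if __name__ == "__main__":
    print("round-robin dropped:", simulate(round_robin, CLIENTS))
    print("source-IP sticky dropped:", simulate(source_ip_sticky, CLIENTS))
```
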