I have an SA4500 at our primary site and another in our DR site.
I have previously worked with Cisco VPN and the IPSEC client, where you could specify backup devices so that if you could not make contact with the primary site it would automatically try site 2, 3, 4, etc.
Now I am working with the SA4500 SSL solution and can find no obvious way to get the client to try a secondary site if it cannot connect to the primary.
Can anyone tell me if this is possible or not?
Thanks
Roger
Short answer: no, not in the manner you described (unless you are using an active/passive cluster, in which case that is how the access works).
Long answer: maybe; but nothing automatic unless you are in a cluster.
Is your DR site working together with your primary in a cluster configuration or in a completely stand-alone environment?
If it is working in a cluster, the client only connects to the one URL and will fail over to the other node in the event of a failover; if you are using a different site/URL for access, users will need to manually connect to the DR site in the event of a failover.
Thanks for the reply
The DR site is not working in a cluster, but as a standalone device.
I have not looked at options to make it into a cluster with the primary site.
This would protect against failure of the device; I was looking into failover in the event of internet link failure.
Looks like this is not an option with Juniper; I just have to tell the users to connect to the other URL?
Thanks
Roger
It depends on your network configuration.
If you can easily-ish change the DNS entry to point to the DR site and you have a 100% replica, including system.cfg with the certificate, there is no need to have users connect to the other site manually.
If, however, only the user.cfg and not the certificate is ported, OR it is not easy to change the DNS entry and you are therefore using a different host name, then yes, you will need to instruct your users to connect to the other site manually.
What about the case where the SSL certificate has subjectAltName=DNS:primary.sslvpn.tld,DNS:secondary.sslvpn.tld?
Would that allow two non-identically named SAs to be backups for each other by installing this single cert on both?
If the same certificate is installed on both machines, then, yes, that should work.
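A quick way to confirm, before installing one certificate on both devices, that its subjectAltName list actually covers every hostname users might connect to. This is an added example written for this thread, not code from the forum or from Juniper; the SAN string and hostnames are constructed to match the example above, and the matching rule (exact name, or a single leftmost wildcard label) follows the usual browser/client behaviour.

```python
# Constructed SAN value in the OpenSSL-style form quoted in the thread (not from a real cert).
SAN_EXAMPLE = "DNS:primary.sslvpn.tld,DNS:secondary.sslvpn.tld"

def parse_san_dns(san_value):
    """Return the lower-cased DNS names in a 'DNS:a,DNS:b,IP:...' subjectAltName string.
    Non-DNS entries (IP:, email:, URI:) are ignored; clients do not match a hostname against them."""
    names = []
    for entry in san_value.split(","):
        entry = entry.strip()
        if entry.lower().startswith("dns:"):
            names.append(entry[4:].strip().lower())
    return names

def dns_name_matches(pattern, hostname):
    """Match one SAN DNS entry against a hostname the way TLS clients do:
    exact match, or a leftmost '*' that covers exactly one label (never the apex)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    host_labels = hostname.split(".")
    # '*.sslvpn.tld' covers 'primary.sslvpn.tld' but not 'sslvpn.tld' or 'a.b.sslvpn.tld'.
    return len(host_labels) >= 3 and ".".join(host_labels[1:]) == pattern[2:]

def uncovered_hosts(san_value, hostnames):
    """Return the hostnames that would get a certificate-name error with this SAN list.
    An empty list means the single cert is safe to install on both SAs."""
    san_names = parse_san_dns(san_value)
    return [h for h in hostnames
            if not any(dns_name_matches(n, h) for n in san_names)]

if __name__ == "__main__":
    sites = ["primary.sslvpn.tld", "secondary.sslvpn.tld"]
    missing = uncovered_hosts(SAN_EXAMPLE, sites)
    print("all VPN hostnames covered" if not missing else f"not covered: {missing}")
```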
Thanks. That's what I thought.
You are welcome; good luck!