I have 2 SAs and I would like to set them up in active/passive clustering mode. Both internal and external interface traffic will be pointed toward the firewall (we have only 1 FW). I also have 2 user groups, Finance and Accounting.
Looking at the active/passive topology map on this page, http://www.juniper.net/techpubs/software/ive/guides/howtos/How_To_IVE_Cluster.pdf , it seems like I need to create 4 VLANs/subnets?:
vlan 1, subnet 1: external interfaces and external cluster VIP - using public IPs
vlan 2, subnet 2: internal interfaces and internal cluster VIP - using private IPs
vlan 3, subnet 3: Accounting user group (where do I create the IP address pool for this group? On an external DHCP server, or can it be done on the SA?)
vlan 4, subnet 4: Finance user group (same question as above: where do I create the IP address pool for this group? On an external DHCP server, or can it be done on the SA?)
Thanks in advance for your time.
I'm stuck at this point and can't proceed before I have a clear picture of the topology map.
Any input is greatly appreciated, Cheers
I didn't get whether you're referring to a Layer 3 VPN deployment or some other functionality.
If it's Layer3 VPN
Don't forget to secure your administrative access
Dear after1 -
If you are not using layer 3 VPN (Network Connect), your 3rd and 4th address ranges are not required, as all traffic for the user (WSAM, TS, web rewriting, etc.) will be sourced from the internal address of the SA.
If you are using Network Connect, you can assign the 3rd and 4th ranges from a DHCP server, or from a range configured on the SA. You want to look under Network Policies >> Network Connect >> NC Connection Profiles. An NC connection profile is also used to set DNS and proxy information for the role. These can be in the same subnet as the internal interface of the SA. If they are not, you will need to create static route entries in the default gateway router for the SA to route these subnets to the internal interface of the SA.
Hope this is helpful.
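
The routing rule in the reply above can be checked before the pools are configured. This is an added example, not part of the original thread: the function name `nc_pool_routes`, all addresses, and the choice of the internal interface IP as next hop are constructed assumptions.

```python
import ipaddress

def nc_pool_routes(internal_if, pools, reserved=()):
    """Classify Network Connect IP pools against the SA internal interface.

    internal_if: internal interface in CIDR form, e.g. "10.10.2.10/24"
    pools:       {role: (first_ip, last_ip)}
    reserved:    other addresses in use on the internal subnet
                 (second node, cluster VIP, gateway)
    Returns (routes, conflicts):
      routes    -> (role, prefix, next_hop) the gateway router needs
      conflicts -> (role, reason) pools that must be changed
    """
    iface = ipaddress.ip_interface(internal_if)
    in_use = {ipaddress.ip_address(r) for r in reserved} | {iface.ip}
    routes, conflicts = [], []
    for role, (first, last) in pools.items():
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        lo_in, hi_in = lo in iface.network, hi in iface.network
        if lo_in and hi_in:
            # Same subnet as the internal interface: no route needed,
            # but the pool must not hand out an address already in use.
            for ip in sorted(in_use):
                if lo <= ip <= hi:
                    conflicts.append((role, str(ip)))
        elif lo_in or hi_in:
            # A pool half inside the internal subnet cannot be routed cleanly.
            conflicts.append((role, f"straddles {iface.network}"))
        else:
            # Separate subnet: the gateway needs a static route for every
            # prefix covering the pool, pointing at the internal interface.
            for net in ipaddress.summarize_address_range(lo, hi):
                routes.append((role, str(net), str(iface.ip)))
    return routes, conflicts

# Constructed sample: Accounting in its own subnet, Finance inside the
# internal subnet; .11 and .12 stand for the second node and the VIP.
ROUTES, CONFLICTS = nc_pool_routes(
    "10.10.2.10/24",
    {"Accounting": ("10.10.3.64", "10.10.3.127"),
     "Finance": ("10.10.2.100", "10.10.2.150")},
    reserved=["10.10.2.11", "10.10.2.12"],
)

if __name__ == "__main__":
    for role, prefix, hop in ROUTES:
        print(f"{role}: static route {prefix} via {hop}")
    for role, reason in CONFLICTS:
        print(f"{role}: conflict ({reason})")
```
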