2x SDX setup with HA, PepVPN issues

Odd-Reidar_Fuglestad · November 15, 2022, 7:31am

Hi all,

After my attempt in having this issue solved through ticket, I turn to you for your expert knowledge.

The setup is two Balance SDX with high availability. Nothing fancy on the LAN side, but customer equipment is going to utilize PepVPN for remote connections.
The HA bit is working just fine, the problem is getting the PepVPN to work.

To emulate the WAN connections at the customer site, I have setup a TST. When I use port forwarding of TCP 32015 and UDP 4500 to the virtual IP, PepVPN is not working. Only when I use the actual interface addresses. As I can’t use port forwarding to two different addresses, this is where my setup fails.

Any idea why port forwarding will not work towards the virtual IP address, and do any of you have an idea for a workaround?

Thanks.

Odd-Reidar_Fuglestad · December 21, 2022, 5:11pm

For others who may wonder, you can’t use drop-in mode in this environment. I had to make use of a second subnet for use on the LAN side. That solved most issues. A second detail was that the WAN interface on both SDX needed the same IP.

Got this information in the end through my ticket, but the setup in the PCE training should not indicate you need to use drop-in mode in a HA setup at all.