Migrating from one VPN concentrator to 2 in a load-balancing coniguration

lganeva · ‎12-18-2003

I have one production VPN concentrator with some users defined locally and some defined on a ACS server.

I would like to migrate to a load-balancing configuration with a second VPN concentrator but I must keep the users and groups defined locally on the first VPN concentrator.

Any help would be greatly appreciated.

dlac455 · ‎12-18-2003

I implemented load balancing last year. I've had to manually synchronize the configs. Honestly, there have been some problems with getting configs out of synch.

lganeva · ‎12-18-2003

Hi,

Thank You for Your quick response.

Could You please tell me about authentication and authorization with external RADIUS server. Are there any problems when differnt users from the same group (with the same address pool) are connected to different devices from the cluster.

dlac455 · ‎12-18-2003

I only use authentication, not authorization, from an ACS server. I maintain the groups internally on the concentrators, and have to manually synch them. I have to mainatain separate address pools for each concentrator. Separate internal address pools worked,and then I migrated to separate DHCP pools and that worked ok also. Think of each device as still independently separate, just sharing an external IP. Once connected, the user is locked onto the same concentrator for the duration of the connection.

lganeva · ‎12-18-2003

Thank You very much for Your help. You will use my external RADIUS and I will tell You about the results.

Best Regards,

Lora