Always on VPN Failover Cluster

    Question

  • Hello Everyone, 

    I can't find anything related to setting up an Always On VPN failover cluster!

    I'd like to use my FortiGate as a load balancing hardware so that my AOV clients can switch to the second RRAS server if the connection to the first is interrupted.

    Pretty simple setup really, but I can't make it work...

    I have 2 RRAS servers set up as AOV servers. I can connect to each one individually, but the switch has to be manual: I have to disconnect the client manually and reconnect it so that I switch to the second server. Disconnecting the network card doesn't even disconnect the AOV connection; it just stays connected to nothing, basically.

    Anyone have any ideas on how to set this up?

    Thanks!


    Hitch Bardawil

    Monday, July 9, 2018 2:33 PM

All replies

  • Hi,

    Thanks for your question.

    Please check whether my understanding of this issue is correct. You have set up two RRAS servers for VPN failover, and need to perform connecting to each VPN manually within a switch.

    1) May I know now can you connect VPN when changing to another?  

    2) Would the switch configure VLAN in your environment and if the VPN servers in different VLAN?

    3) The VPN servers only have a NIC card behind NAT Router or 2 NICs as the Routers at the same time?

    4) Please any other network device functions between VPN servers and the switch in your environment like Radius server.

    Furthermore, regarding the deployment of VPN failover, we could check the following overview which provides an introduction to the configuration steps required to deploy Remote Access servers in a load-balanced cluster. Please refer to the following article to check the configuration of VPN server cluster.  

    https://docs.microsoft.com/en-us/windows-server/remote/remote-access/ras/cluster/configure/configure-a-remote-access-cluster

    Step 1: Deploy an Always on VPN server with Advanced options.

    Step 2: Prepare cluster servers.

    Step 3: Configure a load-balanced cluster.

    Step 4: Verify the cluster.

    Here’s another blog post that discusses configuring an NLB-based cluster of VPN servers, for your reference.

    https://blogs.technet.microsoft.com/rrasblog/2009/07/02/how-to-configure-network-load-balancing-nlb-based-cluster-of-vpn-servers/

    Hope the above information can help you. If I misunderstand your situation, please don’t hesitate to let me know.

    Highly appreciate your effort and time.

    Have a nice day!

    Best regards,

    Michael


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Tuesday, July 10, 2018 3:08 AM
  • Hello Michael, 

    Thanks for your answer!

    Check out this small sketch that will answer some of your questions.

    1) May I know now can you connect VPN when changing to another?  

    Currently I have to cut off the internet connection and reconnect to switch from RRAS 1 to RRAS 2, but the idea is to have AOV switch automatically (which it is not doing).

    2) Would the switch configure VLAN in your environment and if the VPN servers in different VLAN?

    Both RRAS servers are in the same VLAN.

    3) The VPN servers only have a NIC card behind NAT Router or 2 NICs as the Routers at the same time?

    the sketch answers that

    4) Please any other network device functions between VPN servers and the switch in your environment like Radius server.

    RADIUS or NPS server in the LAN, but that's independent.

    thanks!


    Hitch Bardawil

    Tuesday, July 10, 2018 12:38 PM
  • Also, about the articles,

    Come on Microsoft, half the articles are still about DirectAccess...

    All that is related to load balancing is about DirectAccess..

    Cheers


    Hitch Bardawil

    Tuesday, July 10, 2018 2:25 PM
  • Hi,

    Thanks for your reply. 

    We can first deploy the two VPN servers and test that clients are working. Then we deploy NLB on both servers, create the NLB cluster and add the two nodes as in the following article:

    How to configure Network Load Balancing (NLB) based cluster of VPN Servers

    Reference link:

    https://itdvds.com/Training/DeployingServer2016HighlyAvailableVPN.aspx

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information. 

    Network Load Balancing

    Hope this helps.

    Highly appreciate your effort and time. If you have any question or concern, please feel free to let me know.

    Best regards,

    Michael 



    Wednesday, July 11, 2018 9:48 AM
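
The sequence described in the two replies above (working VPN servers first, then NLB on both, create the cluster, add the second node, verify) can be scripted with the Windows Server NLB cmdlets. This is an added example, not code from the thread or the linked articles; the host names, adapter name, cluster name and virtual IP are placeholders, and the port rules assume the clients use IKEv2 with SSTP as fallback.

```powershell
# Added example. Placeholders: RRAS1/RRAS2, adapter 'External',
# cluster name 'aovpn-nlb', documentation-range virtual IP 203.0.113.10.
$nodes     = 'RRAS1', 'RRAS2'
$nic       = 'External'        # internet-facing adapter name on both servers
$clusterIp = '203.0.113.10'
$mask      = '255.255.255.0'

# 1. Install the NLB feature and its management tools on both VPN servers.
Invoke-Command -ComputerName $nodes -ScriptBlock {
    Install-WindowsFeature -Name NLB -IncludeManagementTools
}

# 2. Create the cluster on the first node, bound to the external adapter.
New-NlbCluster -HostName $nodes[0] -InterfaceName $nic `
    -ClusterName 'aovpn-nlb' -ClusterPrimaryIP $clusterIp `
    -SubnetMask $mask -OperationMode Multicast

# 3. Replace the default all-ports rule with rules for VPN traffic only.
#    Assumption: IKEv2 (UDP 500 and 4500) plus SSTP (TCP 443).
#    Single affinity sends all traffic from one client IP to the same node,
#    so the IKE negotiation and the NAT-T data flow reach the same server.
Get-NlbClusterPortRule -HostName $nodes[0] -InterfaceName $nic |
    Remove-NlbClusterPortRule -Force

$rules = @(
    @{ Protocol = 'Udp'; Port = 500  },
    @{ Protocol = 'Udp'; Port = 4500 },
    @{ Protocol = 'Tcp'; Port = 443  }
)
foreach ($r in $rules) {
    Add-NlbClusterPortRule -HostName $nodes[0] -InterfaceName $nic `
        -Protocol $r.Protocol -StartPort $r.Port -EndPort $r.Port `
        -Mode Multiple -Affinity Single
}

# 4. Join the second VPN server to the cluster.
Add-NlbClusterNode -HostName $nodes[0] -InterfaceName $nic `
    -NewNodeName $nodes[1] -NewNodeInterface $nic

# 5. Verify: both nodes should be listed, and only the three rules above.
Get-NlbClusterNode     -HostName $nodes[0]
Get-NlbClusterPortRule -HostName $nodes[0] -InterfaceName $nic
```

Clients then connect to the cluster address instead of an individual server. NLB does not move an established tunnel between nodes, so a client whose node fails has to re-establish the connection against the surviving one.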
  • Btw, does the Failover Cluster role support RAS? Or is it just NLB which supports it?

    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.

    Friday, July 13, 2018 7:03 AM