Jump to content
Welcome to our new Citrix community!

SSLVPN Clients unable to access vServers on secondary HA Pair whilst failed over.

Darren Bolton

Recommended Posts

We have two SDX 14020 appliances, one in each of our data centres. 

We have one HA  pair running 12.1 split between the appliances and this has been in place for 8 years. This pair is primarily used for our web services. 

We recently deployed a second HA Pair running 13.0 to use a dedicated SSLVPN solution to to keep it separate from the pair used for our web services. 

When we’ve recently been carrying out maintenance and failed over one the primary nodes of one of the HA pairs to the SDX in the second data centre all of our SSLVPN clients lose access to all vServers hosted on the web services pair. 

As soon as we move both primary nodes back to be on the same SDX access is resumed. 

Each of the SDX appliances have a pair of 10GbE adapters configured in a LACP pair and this pair is used for both the VPX appliances located on the SDX. 

When we first implemented our first Netscaler many year ago we had issues with failover and GARP so implemented vMAC. 

So each of the VPXs on the same SDX have a different vRID configured and this set to match on the second SDX. 

Can anyone shed any light of point me in the right direction. 

im thinking it’s to do with how the SDX is maybe not updating the MAC address table within the XenServer layer? Happy to be correct and steered to what to look at next though. 


Link to comment
Share on other sites

It would appear that the following explains it. 




However the solution is to disable VMAC. This however this was implemented to resolve issues with GARP during failover. 

I guess this means our only option is to configure another LACP channel and keep each VPX on each appliance on their own uplinks. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...