2015-06-04 01:41 AM
I have difficulties setting up Intercluster peer for SnapVault on 2x 8.3 Clusters.
They are connected to each other through ipsec vpn. All IP ranges and all ports are set to allow, nothing gets blocked.
The authentication through passphrase goes instantly to "OK" but Availability goes from "pending" to "unavailable" in a few seconds.
The firewall policy is default, nothing set to block.
A few thing I find very odd:
Authentication and data interface work fine - icmp not
But then icmp works fine using a normal ping or specifiing the intercluster lif itself:
CLUSTER01::> network ping -lif CLUSTER01_INTERCLUSTER_lif1 -destination 192.168.2.1 -vserver CLUSTER01
192.168.2.1 is alive
Maybe you can help me out, many thanks!
Solved! SEE THE SOLUTION
2015-06-05 03:56 AM - edited 2015-06-05 03:57 AM
When we see "interface reachable" for the Data test, and "interface unreachable" for the ICMP test, it implies an MTU size conflict.
You may take a look at this KB:
Hope this helps!
2015-06-08 02:50 AM - edited 2015-06-08 02:51 AM
ok, sounds reasonable.
So all my interfaces are configured with 1500, expect the cluster which is set to 9000.
It`s the same on both Filers.
The interfaces on the Firewalls (Sophos UTM) that are between those Clusters are also set to 1500.
I can successfully ping the other cluster with the setting -disallow-fragmentation true and -disallow-fragmentation false.
The only thing I'm not sure about is the ISP MTU size.
But I would imagine the disallow-fragmentation setting true would kill the ping if there was the issue?!
Sorry, I'm really stuck