The following setup is for an Active/Passive cluster. The same setup applies to an Active/Active cluster, except that it does not matter which node we configure as the client in an A/A scenario.
The User Realm is currently set to use the AD authentication server "SSLVPNAD", as seen in the following figure:
1. Enable User Record Synchronization on this AD authentication server and specify a Logical Auth Server Name, as seen in the following figure:
2. On the Active node of the cluster, configure User Record Synchronization as seen in the following example:
Active Node Internal IP: 10.209.69.71
Passive Node Internal IP: 10.209.69.85
Cluster Internal VIP:
Note: In an A/P Cluster, set the Node Function as Client Only.
Under This Client, add the Passive Node Internal IP Address as the Primary Server:
Under This Server, no configuration is required.
3. On the Passive node, configure User Record Synchronization as seen in the following figure:
Under This Client, add the node itself.
Under This Server, add the node's IP to the Peer Servers section and the Active node's IP to the Client Nodes section.
4. Enable User Record Synchronization on the LDAP Server SSLVPNLDAP, and enter the same Logical Auth Server Name.
The configuration is complete.
Now, sign in to the Cluster VIP IP and create two web bookmarks, as seen in the following figure:
Switch the Authentication Server under the REALM to the LDAP server, SSLVPNLABLDAP.
Now, sign in to the Cluster VIP again. You should see that the user-created bookmarks are now synchronized.
The logs on both nodes show that the bookmarks synchronized correctly:
On Active Node:
On Passive Node: