To resolve this issue:
- For an A/A cluster configure VPN Tunneling IP filters for each node that are unique to that node. This would apply for 2 or more A/A cluster nodes that all use the same virtual IP address range. To do this go to System > Network > VPN Tunneling > IP filter and configure filters on each node that are unique to that node.
- For IP Pools that are not on the same subnet as the internal interface of the PCS device, it is necessary to create manual routes on edge routers that route the VPN tunneling pool to the internal port of the PCS device.
If there is no route on the network that points virtual IP pool to the appropriate appliance or appliance interface, it is possible that ARP will eventually learn the routes and populate them, but until this occurs, VPN tunneling users will not have access to resources because a route is missing.