52 Initial SetupJoining a VPN Gateway to an Existing ClusterAfter having installed the first VPN Gateway in a cluster, additional NVGsmay be added to the same cluster by specifying the Management IPaddress (MIP) that identifies the cluster. When you are installing the VPNGateway to join an existing cluster, less information is needed becausethe new VPN Gateway will fetch most of the configuration from the otherNVG(s) in the cluster.The following applies when joining a new VPN Gateway to an existingcluster:• If the VPN Gateway you are about to join is installed on a differentsubnet than existing NVGs, this new device must be configured as aslave. Master NVGs cannot exist on different subnets.• If the Access list consists of entries (for example, IP addresses forcontrol of Telnet and SSH access), also add the cluster’s MIP, theexisting VPN Gateway’s host IP address on Interface 1, and thehost IP address you have in mind for the new NVG to the Accesslist. This must be done before joining the new VPN Gateway,otherwise the devices will not be able to communicate. Use the/cfg/sys/accesslist command. If the Access list is empty, thisstep is not required.• If the VPN Gateway you are about to join has a different softwareversion than existing NVGs, install the preferred software version onthe new VPN Gateway before joining it (see “Reinstalling the Software”(page 70)) or upgrade the whole cluster to the same software versionas the new VPN Gateway (see “Performing Minor/Major ReleaseUpgrades” (page 74)). Use the /boot/software/cur command tocheck the currently installed software version.Setting up a One-Armed ConfigurationIf the currently installed VPN Gateway(s) in the cluster are set up for aone-armed configuration you probably want the new VPN Gateway to beset up similarly.When you log in after having started the VPN Gateway the first time, youwill enter the Setup menu.Step Action1 Choose join from the Setup menu to add a VPN Gateway toan existing cluster.Nortel VPN GatewayUser GuideNN46120-104 02.01 Standard14 April 2008Copyright © 2007-2008 Nortel Networks.