74 Novell Access Manager 3.1 SP2 SSL VPN Server Guidenovdocx (en) 16 April 20106 Assign all SSL VPN servers to the cluster.For more information, see Section 5.3.2, “Adding an SSL VPN Server to a Cluster,” onpage 70.7 In the Administration Console, click Devices > SSL VPNs > Edit, then select the Gatewayconfiguration page. Configure specific listening IP addresses for Kiosk mode and Enterprisemodes. Configure specific listening IP addresses for Kiosk mode and Enterprise modes. Makesure that each of the cluster members are assigned to different IP pools for Enterprise mode.For more information, see Section 2.3, “Configuring the IP Address, Port, and NetworkAddress Translation (NAT),” on page 27.8 Accelerate the SSL VPN server by using the Access Gateway.For more information, see Chapter 2.2, “Accelerating the Traditional Novell SSL VPN,” onpage 23.9 To save your modifications, click OK, then click Update on the Configuration page.5.5 Clustering SSL VPNs by Using the AccessGateway without an L4 SwitchYou can install and run the SSL VPN self-monitoring and failover scripts on each SSL VPN serverin order to provide automatic monitoring and failover support for the SSL VPN servers that arebehind a Linux Access Gateway.When the health status of an SSL VPN server is bad, these scripts modify the iptables entries on thatserver to stop the Access Gateway from sending connection requests to that particular SSL VPNserver. When the SSL VPN server health status returns to normal, the scripts remove the iptablesentries and allow the Access Gateway to communicate with the SSL VPN server. You must performthe following tasks to configure load balancing and fault tolerance through the Access Gateway: Section 5.5.1, “Configuring the Access Gateway,” on page 74 Section 5.5.2, “Installing the Scripts,” on page 75 Section 5.5.3, “Testing the Scripts,” on page 755.5.1 Configuring the Access Gateway1 In the Administration Console, click Access Gateways > Edit > [Name of Reverse Proxy] >[Name of Proxy Service] > Web Servers.2 Add all the SSL VPN servers that are part of the failover group as origin Web servers to theproxy service that you have defined.3 Click TCP Connect Options.4 Select Round Robin in the Policy for Multiple Destination IP Addresses field.5 Select Enable Persistent Connections.6 Save your changes and update the Access Gateway.