Manual MEP

For implicit MEP (the procedure used by SecureClient), the gateways have to belong to the same VPN domain for MEP to operate. For Endpoint Security VPN, if they are configured with Manual MEP, the gateways do not have to belong to the same VPN domain. Configure the TTM file of each gateway.

To configure the gateways for MEP:

On a gateway, open the $FWDIR/conf/trac_client_1.ttm file.
Search for the enable_gw_resolving attribute:
Copy
```
:enable_gw_resolving (
  :gateway (
    :default (true)
  )
)
```
Make sure the attribute is set to its default value: true.
Search for the automatic_mep_topology attribute, and make sure its value is false.
Manually add the mep_mode attribute:
Copy
```
:mep_mode (
    :gateway (
       :default (xxx)
    )
)
```
Where xxx is a valid value:
- first_to_respond
- primary_backup
- load_sharing
- dns_based - Use this to configure Geo-Clusters.
Manually add the ips_of_gws_in_mep attribute:
Copy
```
:ips_of_gws_in_mep (
    :gateway (
      :default (192.168.53.220)
    )
)
```
These are the IP addresses the client must try.
- IP addresses are separated by an ampersand and hash symbol.
- The last IP address from the list has a final.
Save the file.
Install the policy.