I suppose this is more of a router question than firewall question,
but given the hardware/software, this seemed like a good place to post.
I have a couple of Nokia routers running FW1 that I would like to
put into a failover configuration. Checkpoint will handle state
synchronization, but the actual router failover mechanism is left to the
VRRP implementation on the Nokias. According to RFC 2338 (as I read it),
VRRP provides a "master router" whose IP address can be assumed by a
"backup router."
For example, assume I have a master router at 10.100.20.1 and a backup
router at 10.100.20.2. If the master router fails, the backup router will
asssume the IP address 10.100.20.2, and any other configured IP addresses.
HSRP on Cisco equipment works a bit differently; there is a virtual IP
address shared among two or more routers. On my example above, the
routers would be configured at 10.100.20.2 and 10.100.20.3, and they
would share the virtual IP at 10.100.20.1.
My questions are:
1. Can VRRP be configured to use a virtual IP address like HSRP?
2. Are there any pros/cons to doing this?
3. Am I grossly misreading the standards here?
MAJ
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
