If the Nokia was not installed as HA, you will need to reinstall the Nokia with the HA option. In addition, in HA you will need to configure a gateway cluster for your vpns.
Also, be sure to upgrade to at least IPSO 3.3. Further, IPSO 3.4.1 supports ssh2 and additional options. When you run your vpns, the gateway will fragment the packets if they exceed the MTU size, but the host may not receive ICMP Type 3, Code 4 messages and the servers end up dropping the connection. So, I suggest downloading modzap from the Nokia site and intstalling that also so you don't run into any problems with your VPN's. Check out Res 3370 for the downloads. Good luck. --Mike Billingsley -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hoerichs, Chris Sent: Thursday, September 27, 2001 5:25 PM To: '[EMAIL PROTECTED]' Subject: 1 CPFW1/VPN1 into 2 I have a client who wants to move a single enterprise CP FW1/VPN1 FW and management server, into 2 Nokia's in an HA configuration and a separate management station. Problem: about 12 FW/VPN modules ONLY currently running FW/VPNs with and communicating with the FW/MGT server, and since this is a live 24x7 environment, the easiest least configuration change plan is required. My plan: Setup the management station behind the Nokia FW HA and NAT the management station to the Nokia FW HA. Anybody ever try this, and what advise can you give me. Thanks _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
