Hi Janis, I could be wrong but I don't think you can control the Nokia NOT to be either a DR or BDR. You can, however, do that with cisco router via "ip ospf priority 0" on the interface. You said that that you didn't have problems with failover. Well, that's is because you did NOT reboot the Active Firewall. Had you reboot the Active firewall, after the primary firewall comes back online, your routes would disappear because the Cisco routers get confused. I currently have a Nokia TAC case opened just for this. We can talk more about it if you like. The other thing is that the cisco devices should see ONLY the NOKIA neighbor via it VRRP IP address. In other words, when you do "show ip ospf neighbor" on the cisco router, it should be neighbor ONLY with VRRP IP address, NOTHING ELSE. NO physcial IP adres whatsoever. In IPSO 3.9 or higher, in ospf you have to enable ospf for VRRP. Anyway, Nokia acknowledged that it is a problem and they are trying to fix this in later release of IPSO. If I am not making any senses, you can contact me offline and we can talk more about this. But it seems to me, and I could wrong, that you still have problems with OSPF, you just do not it yet. regards, cisco4ng
Janis Myers <[EMAIL PROTECTED]> wrote: Hi cisco4ng, As mentioned long time before - here comes our feedback: We did the installation today with two Nokia IP330 with IPSO 3.9 Build 045 using OSPF and VRRP/Monitored Circuits and four Cisco routers (2 on each firewall side, one router of each side is DR, the Nokia's don't become DR or BDR). OSPF works well (OSPF routing table can be seen on both firewalls). We are able to see the ip address of the physical firewall interface from the active firewall node (vrrp master) in the routing tables of the routers. Switching from one Nokia to the other takes less than 2 seconds. After this time new connections are working fine. Existing connections are broken during the switch but in the specific customer environment that's acceptable. Best Regards, Janis __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Brings words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
