Todd, thanks for the response. This is an L2 connection I'm talking about here. Both the Cisco Ethernet and Nokia Ethernet share the same segment, and this is the same segment I would like VRRP to peer up on.
Thanks, Ed -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Larson, Todd (LNG-DAY) Sent: Wednesday, January 17, 2007 5:29 PM To: [email protected] Subject: Re: [FW-1] VRRP Configuration between Nokia and Cisco? Hi Ed, The closet I've come this is a L2 Extension across DWDM between Datacenters. The problem is that VRRP needs to see its peer as a LAYER 2 device for VRRP to work and it will only tolerate ~50-60ms latency between peers. I've politely explained to Nokia, Cisco and Check Point that the time for L2 limitations for VRRP and ClusterXL is long past (Nokia is supposedly working on something). If the client was connected via MPLS across the internet I understand that this would work too, provided that you could keep the latency within tolerance. As for documentation, I don't have anything that I can share, however if you have access to a Nokia SE I know they could provide the "Official answer." Thought, would a GRE tunnel provide L2 connectivity between sights; this is something we discussed months ago but never pursued. Another note, Nokia uses Multicast for VRRP communication so the solution would need to support that. Hope this helps... -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Edward Sohn Sent: Wednesday, January 17, 2007 6:43 PM To: [email protected] Subject: Re: [FW-1] VRRP Configuration between Nokia and Cisco? Appreciate the response, Matt. Here's the scenario HQ LAN --- Cisco 2821 ----------- Frame Relay ---------- Cisco 2821 ---- Remote LAN \ / --- Nokia IPSO ---------- IPSec VPN ---------- Nokia IPSO --- Basically (if the diagram doesn't format correctly), the two LANs are redundantly linked via Frame and IPSec VPN (over the Internet). The Cisco Routers terminate the Frame connections, and the Nokia boxes are the VPN endpoints. I would like to create an HA gateway on each side so that the Cisco/Nokia looks like a single virtual gateway. Let me know. Thanks, Eddie From: Matthew Austin [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 17, 2007 3:21 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] VRRP Configuration between Nokia and Cisco? Ed, Are you talking something like this? LAN ---> Nokia VRRP Pair ----connected to--->Cisco HSRP VIP (or something of the sort)? If you mean configuring a Cisco device and a nokia device, as a VRRP pair... I don't think this would work, in addition, what type of application are you using this for, as in a Cisco IOS Router, and Nokia device, so if one is unavailable, the other takes the load? I just don't understand how you would even deploy something like this? If you can shed some more light on this, I'll see what else I may be able to help you with on this... Thanks, Matt ----- Original Message ---- From: Edward Sohn <[EMAIL PROTECTED]> To: [email protected] Sent: Wednesday, January 17, 2007 5:39:19 PM Subject: Re: [FW-1] VRRP Configuration between Nokia and Cisco? Ok, so while cisco4ng catches up on the Cisco IOS features, does anyone else have any experience configuring this interoperability? Somebody HAS to have come across this scenario, no? Thanks, Ed From: cisco4ng [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 17, 2007 1:45 PM To: Mailing list for discussion of Firewall-1 Cc: [EMAIL PROTECTED] Subject: Re: [FW-1] VRRP Configuration between Nokia and Cisco? Cisco IOS uses HSRP. Pix uses something else. VPN Concentrator uses VRRP (I am not sure about this one). Nokia uses VRRP. Nokia does not use HSRP. You can not configure the Nokia to use HSRP and you can not configure a Cisco IOS to use VRRP. Simple as that. You said that you work with Cisco devices, you should know these things. Edward Sohn <[EMAIL PROTECTED]> wrote: Does anyone have any experience configuring Nokia and Cisco together for VRRP? Since I primarily work with Cisco devices, I know that the Cisco-side is very simple and straight forward, but I do not have experience with Nokia in this capacity. Please let me know ASAP as this is for an urgent client need. Thanks, Ed ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= _____ Bored stiff? <http://us.rd.yahoo.com/evt=49935/*http:/games.yahoo.com> Loosen up... Download and <http://us.rd.yahoo.com/evt=49935/*http:/games.yahoo.com> play hundreds of games for free on Yahoo! Games. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ________________________________________ Need Mail bonding? Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
