-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dennis Breithaupt <[EMAIL PROTECTED]> wrote: > > Do you use site-to-site VPN's besides SR/SC with VRRP-nodes, too? > Because in the case of site-to-site, traffic could be originating/ > initiated from our node, too. In that case we would need the VRRP-IP > as source and not the physical IP, too.
Yes, we use site-to-site VPN extensively using VRRP IP's between clusters. None of the VPN code appears to use the Hide NAT features to choose the originating/receiving IP for the IPSEC and IKE packets. The Hide NAT setting does not disturb the correct operation thereof, so we disable it. We do perform manual Hide NAT in the address translation table, and this also works independently of the setting, and works well. - -- David DeSimone == Network Admin == [EMAIL PROTECTED] "It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous. -- Robert Benchley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFGojKXFSrKRjX5eCoRAuMPAJ9qbD9oH0UiaHIEKltiE0l4Ac9qxACfS6aA OVHI/7sHRTsk7FmhljutOL8= =HW9d -----END PGP SIGNATURE----- ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
