Gary, Thanks for this. do you have any pointers to documentation around the link probing method? Been a long while since I've worked on Checkpoints in anger... Thx Stephen -------- Original Message -------- Subject: Re: [FW-1] VPN Failover From: Gary Scott <[email protected]> Date: Wed, June 09, 2010 3:51 pm To: [email protected]
If all endpoints were CP and manged by the same manager then you could use MEP with RIM or if both ends are CP with seperate(or same) managers define one object with both external IP's and use the link probing method to accomplish this. Being cisco on the far end I think you are looking at using NAT so the enc domains can be uniquely defined , no interop for the probing or MEP options. ________________________________ From: Stephen Jones <[email protected]> To: [email protected] Sent: Wed, June 9, 2010 9:55:02 AM Subject: [FW-1] VPN Failover Hi, Got an interesting conundrum here, and would be keen to know where to look for a documented solution (if there is one). Basically we have a partner site that has 2 VPN peering points - a primary and a DR. Both export the same address space to us. I believe the far end may be using Cisco. When we configure up our checkpoint to point to their end points, the checkpoints understandably complain about overlapping encryption domains. What we would like to do is designate one of the tunnels as a primary connection, and the other as a secondary only to be used in the event of a failure. Is this technically possible, or should we be looking to get them to change their encyrption domains and start doing a higher level of NAT? Many thanks Stephen Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
