I agree, I don't believe 4.0 can handle failover of established VPN
sessions.

I believe it is possible to support this with version 4.1's Cluster
Configuration and it should work with VRRP/IPSO.  We are presently doing it
with Suns configured with Stonebeat and the failover of VPN sessions does
work.

I believe the problem with VRRP is that the virtual IP is basically used
for switching packets, hence for routers and neighboring systems to pass
packets to.  When establishing a VPN (4.0), the client (gateway or client)
is connecting and negotiating with the firewall's IP address.  When failure
occurs, that address no longer exists, therefore reconnection is necessary.
With 4.1, clients will be connecting to the VIP rather than the real IP
of one of the firewalls.

HC






"Carric Dooley" <[EMAIL PROTECTED]> on 07/18/2000 03:13:31 PM

To:   "David Wong" <[EMAIL PROTECTED]>,
      [EMAIL PROTECTED]
cc:    (bcc: Harry Chu/SIAC)
Subject:  Re: [FW1] Nokia HA VPN Failover





I don't think VPN will work with failover.  The VPN is created on that box
and does not translate over (if they don't have a fix for that yet).


----- Original Message -----
From: "David Wong" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 18, 2000 11:12 AM
Subject: [FW1] Nokia HA VPN Failover


>
> Does anyone have info on having Checkpoint 4.0 failover a Lan to Lan VPN
> (both using Checkpoint/Nokia IP440)? Failover for internet connectivity
> works, but the VPN does not. Can anyone verify whether this can or can not
> be done? Is it a timing issue with ISAKMP?
>
> TIA,
> David
>
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
>








