RE: [FW1] IPSO 3.2 and IP Redirects

Tue, 06 Mar 2001 06:20:08 -0800 


Makes sense to me.  You wouldn't want clients discovering the real IP
address of any machines in a VRRP configuration, as this would negate the
failover benefits of VRRP (same as Cisco HSRP, as mentioned below).

Someone stop me if this thinking is incorrect.

Dan Hitchcock
CCNA, CCSE, MCSE
Security Analyst
Breakwater Security Associates
206.770.0700 x147
[EMAIL PROTECTED]
http://www.breakwatersecurity.com


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 06, 2001 4:22 AM
To: Tom Sevy
Cc: Fw1-Wizards (E-mail); FWList (E-mail)
Subject: Re: [FW1] IPSO 3.2 and IP Redirects



Don't know about IPSO, but given the similarity between VRRP and HSRP, this
may be a factor.  On Cisco's the activation of HSRP automatically disables
the ICMP redirect messages that the router would generate.  Maybe the same
applies?








Tom Sevy <[EMAIL PROTECTED]>@lists.us.checkpoint.com on 06/03/2001 11:59:47

Sent by:  [EMAIL PROTECTED]


To:   "Fw1-Wizards (E-mail)" <[EMAIL PROTECTED]>, "FWList
      (E-mail)" <[EMAIL PROTECTED]>
cc:
Subject:  [FW1] IPSO 3.2 and IP Redirects



If I have a local segment, 192.168.12.xxx/24, and in that segment I have
another router (192.168.12.1

Local Segment:  192.168.12.0/24

Default Gateway: 192.168.12.2 (VRRP from 2 x IP440)

Static Route in the IP440:  172.21.0.0/16 192.168.12.1 (router to other
segment)

When traffic goes from 192.168.12.xxx via 192.168.12.2 destined for
172.21.x.x, shouldn't the IPSO issue an IP redirect for the correct route?
I'm not seeing this when I sniff this scenario.

Any thoughts?  Suggestions?



============================================================================
====

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====





============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to