[FW1] VPN CISCO <-> FW-1 Cluster
Hi everyone,

I try to get a redundant VPN (IKE, preshared) tunnel between a FW-1 cluster and a CISCO router to work. Using another FW-1 on the remote side I experience no problems.

I have the following cluster setup:

- Stonebeat Fullcluster 2.0 SP1
- FW-1 4.1 SP2
- Solaris 7.0

On the interface where I try to set up the VPN I route all traffic through the cluster IP. First negotiation is fine (when all VPN connection tables are cleared and the SA table on the CISCO is clear also). When forcing it to use my second node, it renegotiates the IKE connection and builds up the tunnel. When I switch back again, it says on the CISCO that I have an invalid SA. Same thing if I use the cluster as a hotstandby solution.

The only thing that helped (but not always) is to set the key-timeout values to the minimum on both sides.

Thanx
Michael Boeing