
[FW1] VPN CISCO <-> FW-1 Cluster



Hi everyone,

I try to get a redundant VPN (IKE, preshared) tunnel between a FW-1 cluster
and a CISCO Router to work. Using another FW-1 on the remote side I
experience no problems.

I have the following cluster setup:

- Stonebeat Fullcluster 2.0 SP1
- FW-1 4.1 SP2
- Solaris 7.0

On the interface where I try to set up the VPN I route all traffic through
the cluster IP. 

First negotiation is fine (when all VPN connection tables are cleared and
the SA table on the CISCO is clear also). When forcing it to use my second
node, it renegotiates the IKE connection and builds up the tunnel.

When I switch back again, it says on the CISCO that I have an invalid SA.

Same thing if I use the cluster as a hot standby solution. The only thing
that helped (but not always) is to set the key-timeout values to the minimum
on both sides.

Thanx

Michael Boeing


   All contents © 2004 Network Presence, LLC. All rights reserved.