hi,

it is possible to do what you want to do.

but you have to define dedicated hosts or networks to be routed to nokiaA
(with backup nokiaB) and those for nokiaB (with backup nokiaA).

then define different NATs for these networks/hosts for different
IP-addresses and disable auto-ARP.

define proxy-ARPs for the nokiaA-IPs with the vrrp-MAC-nokiaA and the
nokiaB-IPs with the vrrp-MAC-nokiaB. the 2 vrrps have different vrrp-MACs
... that's the way to define what IPs go primary over nokiaA and what IPs
go primary over nokiaB.

is that clear?

cheers
reinhard

At 20:29 03.12.2003, Can2002 wrote:
I have an interesting requirement for a Nokia/Firewall-1 HA pair.  I'd
like to be able to define a pair of IP530 for VRRP Monitored Circuit;
however I'd like to define two backup IP addresses for each interface,
making one of the IP530's the preferred master for one address, while the
other IP530 is defined as the preferred master for the other backup IP
address.

While it is straightforward to do this on the Nokias, what I've been
scratching my head over is how I configure the Firewall-1 objects in
NG_AI.  Normally I'd define gateway objects for the two IP530's using
their physical interface IP addresses and then create a cluster object
based on the backup address for each interface; however in this case I
have two addresses.

I've made a rudimentary representation of what I'm trying to do below

 ________                                    ________
|        |                                  |        |
| Cisco1 |                                  | Cisco2 |
|________|                                  |________|
     |                                          |
     |                                          |
______________________________________________________
     |              Ethernet Subnet             |
     |                                          |
MC1-IP-PRI                                 MC2-IP - PRI
MC2-IP-SEC                                 MC1-IP - SEC
 ________                                    ________
|        |                                  |        |
| Nokia1 |                                  | Nokia2 |
|________|                                  |________|


Does anyone know if what I'm trying to achieve is possible?


Cheers,
Chris

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

-- Reinhard Stich, ASSIST [EMAIL PROTECTED] Internet Security AG, 1150 Wien, Johnstrasse 29 Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-10
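The proxy-ARP split described in the reply, as an added example that is not part of the original thread: it derives each group's VRRP MAC and builds the static IP-to-MAC table, rejecting a NAT address claimed by both groups. The VRIDs (10 and 20) and the 192.0.2.x NAT addresses are constructed, and it assumes both boxes use the standard IPv4 VRRP virtual MAC (00:00:5e:00:01:VRID); the output is a generic IP/MAC listing, not a specific Nokia or Check Point file format.

```python
import ipaddress


def vrrp_mac(vrid: int) -> str:
    """Standard IPv4 VRRP virtual router MAC: 00:00:5e:00:01:<VRID in hex>."""
    if not 1 <= vrid <= 255:
        raise ValueError(f"VRID out of range: {vrid}")
    return f"00:00:5e:00:01:{vrid:02x}"


def proxy_arp_plan(groups):
    """Map every NAT IP to the VRRP MAC of the group that should be primary for it.

    groups: {name: {"vrid": int, "nat_ips": [str, ...]}}
    Returns (ip, mac, group) rows sorted by IP address.
    """
    vrids = [g["vrid"] for g in groups.values()]
    if len(set(vrids)) != len(vrids):
        # Same VRID means same virtual MAC, so the split would not work.
        raise ValueError("each VRRP group needs its own VRID")

    owner = {}
    for name, group in groups.items():
        mac = vrrp_mac(group["vrid"])
        for ip in group["nat_ips"]:
            addr = ipaddress.ip_address(ip)
            if addr in owner:
                # One IP answered with two MACs would flap between the boxes.
                raise ValueError(f"{addr} assigned to {owner[addr][1]} and {name}")
            owner[addr] = (mac, name)
    return [(str(ip), mac, name) for ip, (mac, name) in sorted(owner.items())]


# Constructed sample: which NAT addresses go primary over which box.
GROUPS = {
    "nokiaA": {"vrid": 10, "nat_ips": ["192.0.2.10", "192.0.2.11"]},
    "nokiaB": {"vrid": 20, "nat_ips": ["192.0.2.20"]},
}

if __name__ == "__main__":
    for ip, mac, name in proxy_arp_plan(GROUPS):
        print(f"{ip:<15} {mac}   # primary via {name}")
```
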
