Thanks Reinhard, On Wed, 03 Dec 2003 23:30:08 +0100, "Reinhard Stich" <[EMAIL PROTECTED]> said: > > hi, > > it is possible to do what you want to do. > > but you have to define dedicated hosts or networks to be routed to nokiaA > (with backup nokiaB) and those for nokiaB (with backup nokiaA).
Agreed, and in fact this is exactly why we want to do this as we have two sites to which incoming traffic is routed via VRRP and in normal circumstances we want nominated traffic to be passed to both site. There is a WAN link between the two sites but we want to have control over what traffic traverses it. > > then define different NATs for these networks/hosts for differen > IP-addresses and disable auto-ARP. > > define proxy-ARPs for the nokiaA-IPs with the vrrp-MAC-nokiaA and the > nokiaB-IPs with the vrrp-MAC-nokiaB. the 2 vrrps have different vrrp-MACs > ... that's the way to define what IPs go primary over nokiaA and what IPs > go primary over nokiaB. > > is that clear? On the Nokia side, definitely. My uncertainty is how I configure this on the Firewall-1 side. I cannot see how I can configure the cluster object appropriately. > > cheers > reinhard ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
