Hello,

thank you for your explanations. But I've got one last set of questions :-) :

- Have you checked that failover works smoothly in your setup without the VPN tunnels having to be reestablished?
- Do even locally initiated tunnels source from the VRRP IP and not the physical IP? Without the specified switch turned on, I could not see the mechanism which should control the source IP to be the VRRP IP. That's why I explicitly ask again...
- What special manual NAT rules are you talking of? Do you need manual NAT rules for your VPNs to work, or do you mean arbitrary other NAT rules for "other" traffic?

Thank you again for your time. I'll discuss this further with our CSP and CP as soon as I've got your statements.

Regards,
Dennis

David DeSimone wrote:
> Dennis Breithaupt <[EMAIL PROTECTED]> wrote:
>> Do you use site-to-site VPNs besides SR/SC with VRRP-nodes, too?
>> Because in the case of site-to-site, traffic could be originating/
>> initiated from our node, too. In that case we would need the VRRP-IP
>> as source and not the physical IP, too.
>
> Yes, we use site-to-site VPN extensively using VRRP IPs between
> clusters. None of the VPN code appears to use the Hide NAT features to
> choose the originating/receiving IP for the IPSEC and IKE packets. The
> Hide NAT setting does not disturb the correct operation thereof, so we
> disable it.
>
> We do perform manual Hide NAT in the address translation table, and this
> also works independently of the setting, and works well.
> [...]
