Does anyone have a good understanding of how FW-1 does its VPN tunnelling selection in a multiple-firewall encryption domain?
I currently have a couple of branches that have dual T-1s going into separate Nokia 330s. What I want is for both branches to have both high availability and to use both circuits. Each 330 is currently being told to connect to a particular but separate FW back at the main office. So as it stands, each VPN tunnel is completely separate from the other.
Here is my question. If I remove the forced peering rule for each VPN tunnel, how does FW-1 determine which firewall to connect to? Both Firewalls at the branch have the same Encryption Domain, as do the Main office FWs. I am concerned that if I turn off the forced peering and one of the Firewalls dies, then I will lose connectivity completely because FW-1 doesn't know to try the other tunnel.
Any comments would be appreciated.
