Hi,
I have a frame relay network connecting my different
sites as well as a site to site VPN. Under 4.0 when
frame relay went down everything would fail over very
nicely to the VPN and my users didn't even know there
was a problem. However; under 4.1 I get the dreaded
"unknown established TCP packet" message when a
session already running on frame relay tries to use
the VPN.
I know I can fix this by defining
ALLOW_NON_SYN_RULEBASE_MATCH; however I don't want to
open any holes for all my other traffic by doing so.
I'm wondering if there is a way do this just for
predefined site to site VPNs.
If that won't work I can try getting my frame relay
routers to tunnel the traffic though the VPN thereby
creating new sessions when fail over happens, but
that's likely to get pretty complicated. Any other
ideas would be welcomed.
THX,
Pete Goodridge
__________________________________________________
Do You Yahoo!?
Thousands of Stores. Millions of Products. All in one Place.
http://shopping.yahoo.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
