Checkpoint VPN Interoperability Woes!
Nimesh Vakharia
nvakhari at HOTJOBS.COM
Wed Dec 27 15:37:25 EST 2000
So a single Nokia/CP firewall and VPNet VSU, tunnel established no
problem. Come VRRP and HA, now you run into all sorts of problems. Your
tunnel endpoint is the VIP, but when you try and do that, the reply coming
from the CP firewall (i.e. the source IP) is the interface IP on the
firewall.
This COMPLETELY breaks how TCP/IP works. If you are thinking in a
Checkpoint sense of object and IP/interfaces on that object it makes
sense, but that's not how other firewalls/VPN equipment work. I don't know
what Checkpoint is trying to do to fix it! Anyone have any ideas?
Summary: Nokia/Checkpoint fw with VRRP does not interoperate with any other
vendor solution.
Nimesh.
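
The mismatch described in the post above, as an added diagnostic example that is not part of the original message: it scans IKE (UDP/500) traffic seen at the remote VPN device and flags replies whose source address is not the configured peer (the VIP). The capture format, the documentation-range addresses and the function name are constructed assumptions, and attributing a stray reply to the oldest unanswered peer is a heuristic.

```python
import re

# Constructed sample: simplified tcpdump-style lines for IKE (UDP/500).
# 192.0.2.10   = remote VPN device where the capture is taken (assumed)
# 198.51.100.1 = VRRP VIP, the configured tunnel endpoint (assumed)
# 198.51.100.2 = interface IP of the active cluster member (assumed)
SAMPLE_CAPTURE = """\
15:37:01.100 IP 192.0.2.10.500 > 198.51.100.1.500: isakmp
15:37:01.140 IP 198.51.100.2.500 > 192.0.2.10.500: isakmp
15:37:11.100 IP 192.0.2.10.500 > 198.51.100.1.500: isakmp
15:37:11.150 IP 198.51.100.2.500 > 192.0.2.10.500: isakmp
15:38:02.000 IP 192.0.2.10.500 > 203.0.113.7.500: isakmp
15:38:02.030 IP 203.0.113.7.500 > 192.0.2.10.500: isakmp
"""

LINE_RE = re.compile(
    r"^(\S+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def find_source_mismatches(capture, local_ip, peers):
    """Return (timestamp, expected_peer, actual_source) for every inbound IKE
    packet that comes from a non-peer address while a configured peer we
    sent to has not yet answered from its own address."""
    awaiting = []   # configured peers with an unanswered request, oldest first
    findings = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, sport, dst, dport = m.groups()
        if "500" not in (sport, dport):
            continue                      # not IKE
        if src == local_ip and dst in peers:
            if dst not in awaiting:
                awaiting.append(dst)      # request sent to a configured peer
        elif dst == local_ip:
            if src in peers:
                if src in awaiting:
                    awaiting.remove(src)  # peer answered from expected address
            elif awaiting:
                # Reply from an address no tunnel is configured for.
                findings.append((ts, awaiting[0], src))
    return findings

if __name__ == "__main__":
    peers = {"198.51.100.1", "203.0.113.7"}
    for ts, expected, actual in find_source_mismatches(
            SAMPLE_CAPTURE, "192.0.2.10", peers):
        print(f"{ts}: sent to {expected}, reply sourced from {actual}")
```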