[FW1] Load Ballanced HA?

[Mark Squire <MSquire@FW1-NOSPAMdesonline.com>]

Title: Load Ballanced HA?

Greetings all,
I am new to this list and I have about a billion questions, but I will try to keep it to a minimum.

Lets say I have two Nokia boxes and I want to:
1. Have them running in active-active-standby HA.
2. VPN needs to be able to fail over.
3. SecuRemote needs to be able to fail over.

I have been digging and digging for the past couple of months for how to do this.  Does anyone either:

1. Know how to do this?
2. Know where I can read how to do this?

There are docs on both the Nokia site and on the checkpoint site, but they each detail configurations that involve active-passive standby, and I would like active active.

This was how I thought I might get it to work:

In a network topology where you have a remote site and a home site, you define in a rulebase firewall objects for both home firewalls, and the remote firewall.  You push that rulebase to both firewalls.  Make sure that each firewall has an encryption domain for its respective network.  Set up your source-destination-encrypt rule for your encryption domains, and source-destination-accept rule for all of the firewalls.  Then here is the kicker.  At the remote firewall, set up the source-destination-accept/encrypt rules just as normal, except in the network objects be sure you set up objects for both home firewalls, and be sure that the remote network's encryption domain is set to both of those objects.

I know that is really vague, and I have not been able to test it because of other technical glitches in our test environment, but maybe someone can give me some guidance and direction here.  Thanks for any suggestions you all might have in advance!

C:\Mark