Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] IPSO 3.2 and IP Redirects

To: "'Daniel Hitchcock'" <[email protected]>, "'[email protected]'" <[email protected]>
Subject: RE: [FW1] IPSO 3.2 and IP Redirects
From: Tom Sevy <[email protected]>
Date: Tue, 6 Mar 2001 10:20:36 -0500
Cc: "Fw1-Wizards (E-mail)" <[email protected]>, "FWList (E-mail)" <[email protected]>
Sender: [email protected]

No, but I would expect the Nokia to issue a redirect to the client telling
it to use 192.168.12.1

-----Original Message-----
From: Daniel Hitchcock [mailto:[email protected]]
Sent: Tuesday, March 06, 2001 9:24 AM
To: '[email protected]'; Tom Sevy
Cc: Fw1-Wizards (E-mail); FWList (E-mail)
Subject: RE: [FW1] IPSO 3.2 and IP Redirects



Makes sense to me.  You wouldn't want clients discovering the real IP
address of any machines in a VRRP configuration, as this would negate the
failover benefits of VRRP (same as Cisco HSRP, as mentioned below).

Someone stop me if this thinking is incorrect.

Dan Hitchcock
CCNA, CCSE, MCSE
Security Analyst
Breakwater Security [email protected]
http://www.breakwatersecurity.com


-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, March 06, 2001 4:22 AM
To: Tom Sevy
Cc: Fw1-Wizards (E-mail); FWList (E-mail)
Subject: Re: [FW1] IPSO 3.2 and IP Redirects



Don't know about IPSO, but given the similarity between VRRP and HSRP, this
may be a factor.  On Cisco's the activation of HSRP automatically disables
the ICMP redirect messages that the router would generate.  Maybe the same
applies?








Tom Sevy <[email protected]>@lists.us.checkpoint.com on 06/03/2001 11:59:47

Sent by:  [email protected]


To:   "Fw1-Wizards (E-mail)" <[email protected]>, "FWList
      (E-mail)" <[email protected]>
cc:
Subject:  [FW1] IPSO 3.2 and IP Redirects



If I have a local segment, 192.168.12./24, and in that segment I have
another router (192.168.12.1

Local Segment:  192.168.12.0/24

Default Gateway: 192.168.12.2 (VRRP from 2 x IP440)

Static Route in the IP440:  172.21.0.0/16 192.168.12.1 (router to other
segment)

When traffic goes from 192.168.12. via 192.168.12.2 destined for
172.21.x.x, shouldn't the IPSO issue an IP redirect for the correct route?
I'm not seeing this when I sniff this scenario.

Any thoughts?  Suggestions?



============================================================================
====

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====





============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- RE: [FW1] IPSO 3.2 and IP Redirects
  - From: "Jeff Hochberg" <[email protected]>

Prev by Date: [FW1] PIX to Firewall VPN Working Example Howto
Next by Date: [FW1] Management Console Upgrade
Previous by thread: RE: [FW1] IPSO 3.2 and IP Redirects
Next by thread: RE: [FW1] IPSO 3.2 and IP Redirects
Index(es):
- Date
- Thread