[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] IPSO 3.2 and IP Redirects
No, but I would expect the Nokia to issue a redirect to the client telling it to use 192.168.12.1 -----Original Message----- From: Daniel Hitchcock [mailto:[email protected]] Sent: Tuesday, March 06, 2001 9:24 AM To: '[email protected]'; Tom Sevy Cc: Fw1-Wizards (E-mail); FWList (E-mail) Subject: RE: [FW1] IPSO 3.2 and IP Redirects Makes sense to me. You wouldn't want clients discovering the real IP address of any machines in a VRRP configuration, as this would negate the failover benefits of VRRP (same as Cisco HSRP, as mentioned below). Someone stop me if this thinking is incorrect. Dan Hitchcock CCNA, CCSE, MCSE Security Analyst Breakwater Security [email protected] http://www.breakwatersecurity.com -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Tuesday, March 06, 2001 4:22 AM To: Tom Sevy Cc: Fw1-Wizards (E-mail); FWList (E-mail) Subject: Re: [FW1] IPSO 3.2 and IP Redirects Don't know about IPSO, but given the similarity between VRRP and HSRP, this may be a factor. On Cisco's the activation of HSRP automatically disables the ICMP redirect messages that the router would generate. Maybe the same applies? Tom Sevy <[email protected]>@lists.us.checkpoint.com on 06/03/2001 11:59:47 Sent by: [email protected] To: "Fw1-Wizards (E-mail)" <[email protected]>, "FWList (E-mail)" <[email protected]> cc: Subject: [FW1] IPSO 3.2 and IP Redirects If I have a local segment, 192.168.12./24, and in that segment I have another router (192.168.12.1 Local Segment: 192.168.12.0/24 Default Gateway: 192.168.12.2 (VRRP from 2 x IP440) Static Route in the IP440: 172.21.0.0/16 192.168.12.1 (router to other segment) When traffic goes from 192.168.12. via 192.168.12.2 destined for 172.21.x.x, shouldn't the IPSO issue an IP redirect for the correct route? I'm not seeing this when I sniff this scenario. Any thoughts? Suggestions? ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|