[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] failover with NATting
Yes I looked into it, but the problem is that they don't want to purchase anything new. I havn't spoken to the reps at those companies but I am assuming the products are pretyy pricey. Thanks, Eugen B ----- Original Message ----- From: "Kim Longenbaugh" <[email protected]> To: <[email protected]> Sent: Friday, November 02, 2001 9:50 AM Subject: Re: [FW-1] failover with NATting > Have you looked into products like the LinkProof from Radware and Warp from Fatpipe? These appliances can combine t-1s, dsls, etc etc to provide redundancy and load balancing. They don't require BGP, and both provide answers to the DNS issues raised when multi-homed to two different ISPs and address ranges. urls are: > www.radware.com > www.fatpipeinc.com > > > >>> [email protected] 11/01/01 01:38PM >>> > Hey guys, > > I have an interesting proposal that I am working on for a client of mine. Please see the sample diagram at: > > http://www.macroscape.com/gifs/failover.gif > > Here is the scenario. I am trying to design a cheap failover solution. The customer does not want to pay for a full T-1 or even a frac, so BGP is out of the question with any DSL provider. > > As you can see from the diagram the external router will be doing all the work as far as NATing the UUnet ip addresses to the DSL provider's addressing scheme. I have a couple of concerns: > > 1. The customer has a HIDE nat for the internal network (hides them behind the firewall address). So when I have a static route on the DSL router to point to the NATes address of the firewall back to the UUnet router will all the HIDE NATs work? I am not so concerend with all the static NATs - that should be ok. > > 2. Second question involves IKE negotiation. If the remote firewall is setup to negotitate with the actual IP address of the NY firewall and also the NATted address(in case UUnet is down), will the negotiation work. I know someone who is doing this with the Cisco VPN solution. > > 3. Thidly and probably not lastly - How do I accomplish what I was talking about in #2 as far as setting up on the remote firewall to establish tunnels with both (the physical IP address of the firewall as well as the NATed) If I create another Firewall Object with the NATed Ip address of the firewall- I think that should work...right? > > Thanks for nay help, Eugene B > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|