NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] redoing putkeys with 4.1 HA pair



With an HA pair, does the mgmt talk to the cluster address or the physical
address of each cluster member?  I am curious because the admin (no longer
here) has the physical and cluster address in the fwauth.keys file on the
mgmt server.

-----Original Message-----
From: Thomas Leong [mailto:[email protected]]
Sent: Wednesday, August 28, 2002 2:12 AM
To: [email protected]
Subject: Re: [FW-1] redoing putkeys with 4.1 HA pair


YOu can try fw putkey -n <local machine IP> <destination machine IP> on
both manager and gateway instead of fw putkey <destination machine IP>.
NOrmally this would help to solve the problem.



Regards
Thomas Leong
Service Development
Network Specialist
Unilever GIO Asia
+65 6264 7049
As COOL as CUCUMBER

-----Original Message-----
From:   <Aaron Reynolds> [SMTP:[email protected]]
Sent:   Wednesday, August 28, 2002 3:46 AM
To:     [email protected]
Subject:        [FW-1] redoing putkeys with 4.1 HA pair

HA pair: IPSO 3.5 FCS8 / 4.1 SP6
Mgmt: Solaris 2.6 / 4.1 SP6

I have an HA pair with the internal IP addresses as the main IP address in
the general tab.  IPSec traffic is working fine, but it sounds like it
won't
when I upgrade to NG.  I would like to fix them now, but am concerned about
getting putkeys to work again.  I have a standalone gateway that is in the
same boat, and I cannot get the putkeys fixed.  I change the IP address on
the network object, save the policy, fwstop on both mgmt and gateway, redo
putkeys, fwstart on both sides, then try to push the policy.  I get the
notorious "resource temporarily unavailable".  I can't delete all of the
putkey files on both sides, because of all of the number of gateways
currently being managed.  Anybody have a sure way of doing this without
deleting all of the files and starting over?

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.