You are correct. Gateway clusters do stick their interfaces into the encryption domain. What I had to do to resolve this issue is this: create separate networks for each Nokia (physical interface) and gateway clusters (sync networks). 172.25.1.1/30, 172.25.1.4/30 and so on…
-----Original Message-----
David,
I had a similar problem,
If I understand it correctly you have 4 clusters, and they have one (or more) network(s) that is connected to some or all of them. Let's say Cluster 1 has IP 172.25.1.1 and Cluster 2 has IP 172.25.1.254 on the same 'physical' network.
The source of the problem is that NG puts all interfaces of its Gateway automatically in the encryption domain. So if Cluster 1 has the 172.25.1.0-network included in its encryption domain, but Cluster 2 does not have it in its encryption domain, you will still get this 'overlapping encryption domain'-error because cluster 2 has automatically put the address 172.25.1.254 in the encryption domain.
The solution is to make an address range - 172.25.1.1-172.25.1.253 (excluding 172.25.1.254) and put this address range in the encryption domain for Cluster 1 instead of the whole network.
Arnor Arnason EJS Iceland
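The overlap described in this thread can be checked offline before a policy is installed. The Python sketch below is an added example, not code from either poster or from Check Point: it models each gateway's effective encryption domain as its configured entries plus its own interface addresses, reports overlapping pairs, and derives the address range that excludes the peer's interface. The gateway names, the 10.2.0.0/16 network and all function names are constructed for illustration.

```python
import ipaddress as ip

def effective_domain(explicit, interfaces):
    """Configured entries plus every interface address of the gateway itself,
    which is added automatically (the behaviour described in the thread)."""
    nets = []
    for item in explicit:
        if "-" in item:  # address range written as "first-last"
            first, last = (ip.ip_address(x) for x in item.split("-"))
            nets.extend(ip.summarize_address_range(first, last))
        else:
            nets.append(ip.ip_network(item))
    nets.extend(ip.ip_network(a) for a in interfaces)  # host routes
    return list(ip.collapse_addresses(nets))

def overlaps(gateways):
    """Return (gw_a, gw_b, shared_block) for every overlapping pair."""
    eff = {name: effective_domain(*cfg) for name, cfg in gateways.items()}
    names, found = sorted(eff), []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for na in eff[a]:
                for nb in eff[b]:
                    if na.overlaps(nb):
                        # CIDR blocks nest, so the longer prefix is the overlap
                        shared = na if na.prefixlen >= nb.prefixlen else nb
                        found.append((a, b, str(shared)))
    return found

def ranges_excluding(network, peer_addrs):
    """Host ranges of `network` with the peer gateways' addresses cut out."""
    net = ip.ip_network(network)
    lo, hi = int(net.network_address) + 1, int(net.broadcast_address) - 1
    cuts = sorted(int(ip.ip_address(a)) for a in peer_addrs
                  if ip.ip_address(a) in net)
    out, start = [], lo
    for p in cuts + [hi + 1]:
        if start <= p - 1:
            out.append(f"{ip.ip_address(start)}-{ip.ip_address(p - 1)}")
        start = max(start, p + 1)
    return out

# Constructed sample data: (configured domain, interface addresses)
BEFORE = {"cluster1": (["172.25.1.0/24"], ["172.25.1.1"]),
          "cluster2": (["10.2.0.0/16"], ["172.25.1.254"])}
AFTER = dict(BEFORE, cluster1=(ranges_excluding("172.25.1.0/24",
                               ["172.25.1.254"]), ["172.25.1.1"]))

if __name__ == "__main__":
    print(overlaps(BEFORE))   # whole /24 collides with the peer interface
    print(overlaps(AFTER))    # range without the peer address: no overlap
```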