Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Nokia HA- why backup vrrp requires host route, proxy-a rp doesn't

To: [email protected]
Subject: Re: [FW-1] Nokia HA- why backup vrrp requires host route, proxy-a rp doesn't
From: "<Aaron Reynolds>" <[email protected]>
Date: Mon, 24 Feb 2003 17:47:12 -0700
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Yes, with proxy-arp it was using the VMAC.  Now I have moved them to VRRP
backup IP's.  In order for it to work, I had to create the host routes
pointing to the internal next hop router.  For some reason they were
required with VRRP backup.  It is strange that it was working for several
months on proxy-arp, with no host routes.  I do, however, have a static
route to the subnet that the static IP is NAT'd to.  This means one of two
things:

With proxy-arp things go Accept -> NAT -> route
or
With proxy-arp it was using the static route for the internal subnet.  I
don't know how it could have done this though, if NAT didn't happen before
it was routed.  Very strange.  Thanks for your reply.

-Aaron

-----Original Message-----
From: Ted Serreyn [mailto:[email protected]]
Sent: Monday, February 24, 2003 3:31 PM
To: [email protected]
Subject: Re: [FW-1] Nokia HA- why backup vrrp requires host route,
proxy-arp doesn't


are you proxy arping for the vrrp monitored circuit mac address.
00:00:5e:01:00:XX
Also I would aways add the host routes for 4.1 firewalls.

Ted



On Mon, 2003-02-24 at 12:49,  wrote:
> 4.1 SP6 / IPSO 3.5 FCS8
>
> Switched from using proxy-arp to backup vrrp, but couldn't get incoming
mail
> to work with backup vrrp.  Traffic would hit firewall, get accepted, and
> then go nowhere.  I would switch back to proxy-arp and everything would
> work.  Following a suggestion, I entered a host route on the firewalls
with
> a gateway of the internal next hop router.  After doing this, everything
> works.  I am trying to figure out what the difference is between proxy-arp
> and backup vrrp, requiring backup vrrp to have a host route, when
proxy-arp
> has worked fine without one.  Thanks for any input.
>
> -Aaron

--
Ted Serreyn
Serreyn Network Services, LLC
http://www.serreyn.com/

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] [fw1-wizards] connection works with proxy-arp, but not backup VRRP - Nokia HA p air
Next by Date: Re: [FW-1] ftp problems - command ended without a new line
Previous by thread: Re: [FW-1] [fw1-wizards] connection works with proxy-arp, but not backup VRRP - Nokia HA p air
Next by thread: [FW-1] 4.1 packet to tcp 256 gives cookie_length log and kills firewalls
Index(es):
- Date
- Thread