Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Vrrp

To: [email protected]
Subject: Re: [FW-1] Vrrp
From: Reinhard Stich <[email protected]>
Date: Fri, 11 Jul 2003 14:54:14 +0200
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

hi,

At 13:06 11.07.2003 +0200, you wrote:

1. Please note I have two Nokia Ip 330's running vrrp. , They both are
Vpn-1/Fw-1 Ng Fp3 Modules.
I am trying to understand more about vrrp etc.
My question is if interface 1 is the master and interface 2 is the slave.
The both bind the cluster mac/ip to themselves.


each interface has an interface-IP-address, only one of them has the
cluster-IP-address. if you do a "ifconfig -a" you should see this IP-address.

I suggest you do all your tests without having fw1 installed and only using
the nokias as a router. when you feel to understand vrrp install and
activate fw1. don't forget to allow vrrp-traffic!

When I ping the clustered ip I receive an echo replies, as well as the
master interface. But when I ping the slave interface no echo replies
Are received. Is this due to the way vrrp works?.


you should be able to ping the vrrp-IP-address as well as both
interface-IPs if fw1 policy allowes this.

cheers
reinhard

2. When I console into one of the modules I perform the following test. I
have 5 interfaces in each Nokia ip330 box. , Therefore different subnets.
I console into the module. I try to ping the other modules interface on
each of the five subnets with no response (No echo replies).
This happens on both modules but you can ping its own interfaces on the 5
subnets but not the opposite modules.

Why then is it possible when ping from the management server I can ping
all interfaces of both modules on all subnets, but the opposite is true via
Console access on the fw modules
Thanks

Jason Cameron

* Email : [email protected]
Web: www.fin-x.com
<outbind://2-00000000F1A0AC2AE0BEB2478E1484EEA2403E3707009EAC4D94A566D17ED88FEC00009EAC4D94A566D17ED88FE0000/www.fin-x.com>


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


--
Reinhard Stich,   ASSIST    [email protected]
Internet Security AG, 1190 Wien, Nussdorfer Laende 29-33
Tel: +43 1 370 94 40  RS784-RIPE Fax: +43 1 370 94 40-10

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] Vrrp
  - From: Jason Cameron <[email protected]>

Prev by Date: Re: [FW-1] SecureRemote from behind a firewall
Next by Date: [FW-1] State synchronization without ClusterXL on NG-FP3
Previous by thread: [FW-1] Vrrp
Next by thread: [FW-1] SecureRemote from behind a firewall
Index(es):
- Date
- Thread