Re: [FW-1] IPSec Lan-Lan Cisco VPN and Checkpoint Active-Standy Issue's

Subject:	Re: [FW-1] IPSec Lan-Lan Cisco VPN and Checkpoint Active-Standy Issue's
From:	cisco4ng <cisco4ng AT YAHOO DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Mon, 27 Feb 2006 09:45:34 -0800

There are a few things you need to be aware of on the Checkpoint end:
   
  1)  Are you running VRRP or ClusterXL?  In either case, you need to enable
  synchronization, otherwise, vpn will not work.
   
  2)  The Cisco VPN device should peer with either the ClusterXL IP or Nokia 
  VRRP IP address.
   
  I currently have a pair of SPLAT R55w firewalls running ClusterXL in 
Active/Standby
  mode and it is working great.  I have about 25 site-to-site VPN tunnels on 
this firewall.
  Of that 25 VPN tunnels, 20 of those are either Cisco IOS routers, Cisco VPN 
Concentrators or Cisco Pix firewalls.
   
  HTH

libone mhlanga <libone AT LYCOS DOT COM> wrote:
  Anyone had any problems with an IPSec Lan-Lan VPN connection between a Cisco 
VPN and Checkpoint Active-Standby Cluster. The Tunnel Comes up from both sides 
with no problem but only traffic coming the Cisco VPN side seems to pass 
through the tunnel. When Initiating traffic from the Checkpoint Cluster side it 
does not seem pass any traffic although the tunnel does come up. The IKE peer 
(Checkpoint Cluster side) appears to kick off the tunnel with either the Active 
address or the Cluster Address. 

-- 
_______________________________________________

Search for businesses by name, location, or phone number. -Lycos Yellow Pages

http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


                
---------------------------------
Brings words and photos together (easily) with
 PhotoMail  - it's free and works with Yahoo! Mail.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] IPSec Lan-Lan Cisco VPN and Checkpoint Active-Standy Issue's, libone mhlanga Re: [FW-1] IPSec Lan-Lan Cisco VPN and Checkpoint Active-Standy Issue's, cisco4ng <= Re: [FW-1] IPSec Lan-Lan Cisco VPN and Checkpoint Active-Standy Issue's, Gary Scott

Previous by Date:	Re: [FW-1] Bash on IPSO, Brian Lawrence
Next by Date:	Re: [FW-1] IPSec Lan-Lan Cisco VPN and Checkpoint Active-Standy Issue's, Gary Scott
Previous by Thread:	[FW-1] IPSec Lan-Lan Cisco VPN and Checkpoint Active-Standy Issue's, libone mhlanga
Next by Thread:	Re: [FW-1] IPSec Lan-Lan Cisco VPN and Checkpoint Active-Standy Issue's, Gary Scott
Indexes:	[Date] [Thread] [Top] [All Lists]