Hi folks,
I have the following scenario I am wondering if someone can help me with:
      |--CPx--|
hostA-|       |---Internet---RouterZ---hostB
      |--CPy--|
Checkpoint firewall is NGx R61 with hfa01. Nokia IPSO is ipso4.1 build 19.
hostA is 10.100.109.12/24. HostB is 192.168.109.1/24 (RouterA lo0). RouterZ
is running IOS 12.2(15)T17
I have a site-2-site VPN between CP and RouterA.
When I set up the CP firewall as Active/Standby with simplified VRRP, the VPN
works fine. When I shut down CPx, the VPN tunnel fails over to CPy and I lose
about 1 or maybe 2 ping packets, which is expected, when hostA pings hostB
and vice versa through the VPN tunnel.
Now I remove the VRRP configuration from CPx and CPy and reboot the firewall.
When CPx and CPy come back online, I set up IPSO clustering in "forwarding"
mode for Active/Active. I also modified the checkpoint policy for the
load-balancing method, and pushed the policy.
Now I have intermittent VPN connectivity issues. When both firewalls are online,
hostA can ping hostB just fine but it always times out on the first packet.
HostB, on the other hand, cannot ping hostA at all, unless I shut down either
CPx or CPy. After that, hostB can ping hostA.
Has someone done this before who can tell me how to fix this issue? Many thanks
in advance.