Re: Nokia IP650 FW-1 with VRRP and NAT

From: Jerald Josephs (jerald.josephsat_private)
Date: Fri Feb 04 2000 - 20:07:49 PST

Next message: Jerald Josephs: "Re: Nokia/Checkpoint firewall"

Previous message: Yin To Chu: "RE: Nokia/Checkpoint"
Maybe in reply to: Jim Rice: "Nokia IP650 FW-1 with VRRP and NAT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is a multi-part message in MIME format.
--------------D81A75182790BDDB72F65E41
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

If you were a bit more specific, I can guide you to the solution.
For one thing, please understand that IPSO will drop packets
with a destination IP address that is the VRRP IP Address.

Is this what you are trying to do?  The Nokia implementation
of VRRP, whether it is Version 2 or Monitored Circuit, complies
with RFC 2338, at least, it does now, :-).

The fact that you see a log entry in FW-1 that the packet
was translated indicates that the packet was processed by
FW-1, but once it handed it back to IPSO, it is possible that
it would not be processed further, based upon your configuration.

--
Jerald.Josephsat_private  (650) 625-2175 (office)
Manager Proactive Services
Nokia IP Routing Group   http://www.iprg.nokia.com
Customer Support   (888)477-9824 or (650)625-2525

Jim Rice wrote:

> Anyone got this working?
>
> A request goes to the VRRP address, is translated to the internal
> address, but is not forwarded to the internal interface.
> And yes, ipforwarding is on.
>
> So far, no word from either CheckPoint nor Nokia support...
>
> Any hints would be wonderful!
>
> --
> Jim Rice               o~         o~     ofc:    (949) 581-1700
> Techfuel, Inc.       +-/-'      <//\     fax:    (949) 581-1799
> 3 Musick              <<        /V<=     dsk:    (949) 609-0412
> Irvine, CA 92618     <"===>    @ ==@     net:  jimat_private





--------------D81A75182790BDDB72F65E41
Content-Type: text/x-vcard; charset=us-ascii;
 name="jerald.josephs.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Jerald Josephs
Content-Disposition: attachment;
 filename="jerald.josephs.vcf"

begin:vcard 
n:Josephs;Jerald
tel;fax:650-625-2903
tel;work:650-625-2175
x-mozilla-html:TRUE
url:http://www.iprg.nokia.com
org:Nokia IP Routing Group;Customer Services
adr:;;313 Fairchild Ave;Mountain View;California;94043;USA
version:2.1
email;internet:Jerald.Josephsat_private
title:Manager Proactive Services
x-mozilla-cpt:;0
fn:Jerald Josephs
end:vcard

--------------D81A75182790BDDB72F65E41--

Next message: Jerald Josephs: "Re: Nokia/Checkpoint firewall"
Previous message: Yin To Chu: "RE: Nokia/Checkpoint"
Maybe in reply to: Jim Rice: "Nokia IP650 FW-1 with VRRP and NAT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:00:52 PDT