[Openswan Users] Openswan and Checkpoint AI (R54) with Rainwall
Cluster Software
Ken Bantoft
ken at xelerance.com
Mon Apr 19 14:04:04 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 19 Apr 2004, Westerhold, Axel wrote:
> Hi,
>
> I am running into problems connecting Freeswan/Openswan VPN Gateways to
> various Checkpoint/Rainwall Cluster Systems.
>
> The problems occurs because I haven't been able to identify any item
> within the Openswan config to define multiple IP's for the 'right='
> gateway. This will kill proper communication with Checkpoitn workload
> balancing clusters because a node will answer with an IP different then
> the Virtual IP assigned to the cluster. Many other IPSEC implementations
> (Cisco, Checkpoint etc) allow me to define the cluster node IP in
> addition to the virtual IP. As said I way unable to find this within
> Openswan.
>
> Anyone able to help ?
I've done CP interop for a few years, but not with clusters. Try defining
the virtual IP as rightsubnet=1.2.3.4/32. But I'm not sure what 'a node
will answer with an IP different then the Virtual IP assigned to the
cluster' means - it sounds like its asymmetrical IPsec routing.
- --
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFAg7InPiOgilmwgkgRAqmzAKC0bmzNn0kUjD4fbciVXXE6QzYb7QCgjI+O
IcxAhMBbtfIkmDLgv/1Bzwc=
=LeXt
-----END PGP SIGNATURE-----
More information about the Users
mailing list