[Openswan Users] Openswan and Checkpoint AI (R54) with Rainwall Cluster Software

Ken Bantoft ken at xelerance.com
Mon Apr 19 14:04:04 CEST 2004

Hash: SHA1

On Mon, 19 Apr 2004, Westerhold, Axel wrote:

> Hi,
> I am running into problems connecting Freeswan/Openswan VPN Gateways to
> various Checkpoint/Rainwall Cluster Systems.
> The problems occurs because I haven't been able to identify any item
> within the Openswan config to define multiple IP's for the 'right='
> gateway. This will kill proper communication with Checkpoitn workload
> balancing clusters because a node will answer with an IP different then
> the Virtual IP assigned to the cluster. Many other IPSEC implementations
> (Cisco, Checkpoint etc) allow me to define the cluster node IP in
> addition to the virtual IP. As said I way unable to find this within
> Openswan. 
> Anyone able to help ?

I've done CP interop for a few years, but not with clusters.  Try defining 
the virtual IP as rightsubnet=  But I'm not sure what 'a node 
will answer with an IP different then the Virtual IP assigned to the 
cluster' means - it sounds like its asymmetrical IPsec routing.

- -- 
Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson

Version: GnuPG v1.2.1 (GNU/Linux)


More information about the Users mailing list