AW: AW: [Openswan Users] Openswan and Checkpoint AI (R54) withRainwallCluster Software

[Westerhold, Axel]

Well,

:-) ! I am honestly not sure this is covered by any RFC or IETF draft. So, I am not saying this has to be supported by Openswan. It seems it is not. I will have to find a different solution for this problem, maybe using a Cisco Pix or putting a Openswan box in one of the DMZs.

Thanks for your help,

Axel Westerhold
DTS Systeme GmbH
Datacenter - IT Security Team
Schrewestr. 4-8
Tel: (+49) 5221 101 1035
Fax: (+49) 5221 101 3001
Cell: (+49) 171 9754 756
PK: 1EF597FA

-----Ursprüngliche Nachricht-----
Von: Ken Bantoft [mailto:ken at xelerance.com] 
Gesendet: Montag, 19. April 2004 14:50
An: Westerhold, Axel
Cc: users at lists.openswan.org
Betreff: Re: AW: [Openswan Users] Openswan and Checkpoint AI (R54) withRainwallCluster Software

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Mon, 19 Apr 2004, Westerhold, Axel wrote:

> Thanks for the quick answer.
> 
> The problem looks like asymmetrical IPsec routing simply because this is
> not a failover solution but a loadbalancing solution. That's why I can
> define a VPN Gateway on Checkpoint and Cisco with more then one IP
> address. That way I can define gateway = VIP,node1,node2. I was
> wondering if this is possible using freeswan.

Not to my knowledge.  Can you give details, like RFCs, IETF drafts, or 
published documentation on this method of loadbalancing?



- -- 
Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAg8ryPiOgilmwgkgRAqUiAJ446mF3QvZq7IojuUKx673STPyhNwCgsi5d
IwSSmDdQtMGSDR8wf6gsthI=
=zQJH
-----END PGP SIGNATURE-----