Hello All,
Does anyone have experience with LAN-to-LAN connections between a VPN3005
and a "cluster" of Checkpoint FWs?
One of my trading partners has changed their Checkpoint gateway into what
he calls a cluster. He is not running VRRP, but some type of load sharing
configuration. What this means to the VPN3k is that it is connecting to
address a.a.a.a and receiving responses from address a.a.a.b. As you can
imagine, the VPN3k is ignoring the secondary address since the tunnel was
not established to that address. I have looked at setting up multiple
gateways on the VPN3k, but that can only be done with a one-way connection
and this needs to be bi-directional.
I was hoping to get some opinions on this "cluster" idea he is
using. To my mind a VPN gateway that receives at one address and responds
on another is broken, but the partner insists that this is done with
Checkpoint devices all of the time. Opinions and/or suggestions would be
appreciated.
--
Bill Thompson