Clustering Example With Non-Check Point Vpn - Nokia IPSO 4.0 Reference Manual

5

Clustering Example With Non-Check Point VPN

This section presents an example that shows how easy it is to configure an IPSO cluster to
support a VPN with a non-Check Point gateway. The following diagram illustrates the example
configuration:
This example cluster is very similar to the previous example. The additional elements are:
Hosts in the 10.1.1.0 network (the remote encryption domain) use a VPN tunnel to access
the 192.168.1.x network (connected to the internal router).
The VPN tunnel end points are the external cluster IP address and the external address of the
remote non-Check Point VPN gateway.
Here are the steps you would perform to configure the tunnel:
1. Follow the steps under
2. Log into the cluster using Cluster Voyager.
3. Click the option for enabling non-Check Point gateway and client support on the Clustering
Setup Configuration page.
246
192.168.1.0
Internal Cluster IP 192.168.1.10
.1
eth-s1p1
Cluster
Firewall A
(ID 10)
eth-s2p1
.1
Tunnel Endpoint
192.168.2.10
(External Cluster IP)
192.168.2.0
VPN-1/FireWall-1
Synchronization Network
Tunnel Endpoint:
"Configuring the Cluster in Voyager."
Internal
Router
192.168.1.5
192.168.1.10
.1 .2 .2
eth-s3p1 eth-s3p1
eth-s1p1
Firewall B
eth-s4p1 eth-s2p1 eth-s4p1
.1 .2 .2
192.168.2.10
192.168.2.5
192.168.2.5
External
Router
VPN Tunnel
Internet
10.1.2.5
Non-Check
Point VPN
Gateway
Nokia Network Voyager for IPSO 4.0 Reference Guide
Primary Cluster Protocol
Network:192.168.3.0
Cluster IP: 192.168.3.10
192.168.1.10
.3 .3
eth-s1p1 eth-s3p1
Firewall C
eth-s2p1 eth-s4p1
.3 .3
192.168.2.10
Secondary Cluster Protocol
Network: 192.168.4.0
Cluster IP: 192.168.4.10
10.1.1.0
Network