142 Nokia Network Voyager for IPSO 4.0 Reference Guide
VRRP Support
VRRP HA mode is supported for OSPFv2 over virtual tunnels. Only active-passive mode is
supported: that is, only one gateway can have the master state.
Because a VTI is an unnumbered interface, you cannot configure a virtual IP address on it. To
run in VRRP mode across the tunnel, OSPF instead detects the presence of one or more VRRP
virtual IP addresses on the system.
When configuring OSPF to run in VRRP mode, make sure that you:
- Configure OSPF identically on the VTI in both the master and backup.
- Turn on the Virtual Address option in the OSPF configuration for the VTI.
The OSPF protocol runs only on the VTI of the master gateway. If the master gateway fails, the
OSPF protocol starts running on the VTI of the backup gateway. Because adjacency needs to be
reestablished, there will be a temporary loss of routes.
Creating Virtual Tunnel Interfaces
To create a virtual tunnel interface
1. Create a VPN community that contains the two gateways, using the SmartDashboard. The
VPN community defines the virtual tunnel properties, such as the type of encryption used.
Because encryption is determined by routing packets through the tunnel, no VPN domain is
required. Instead, you must configure an empty VPN domain as described in the “To create the
VPN community” procedure.
2. Create the virtual tunnel interface on each gateway, using either Nokia Network Voyager or
the Check Point vpn shell. The procedure “To create the virtual tunnel interface” describes
how to do so using Nokia Network Voyager.
To create the VPN community
1. Using the Check Point SmartDashboard, create the peer gateway objects.
2. In the Topology tab of one gateway object, select the Manually defined option under VPN
Domain and create a new group domain that has no members. Also assign the second gateway
to this empty domain.