Security

Reply
Regular Contributor I
Posts: 174
Registered: ‎10-22-2010

RAP2-WG across WAN through a checkpoint firewall.

Hi,

 

The setup is master-standby, they share a vrrp-address. There are about 4 local controllers. No PEF or PEFNG license. 

 

we have a RAP-2WG connecting from the internet via a checkpoint firewall. 

 

The RAP comes up fine, if the RAP is in the internal network, in the same vlan as the controllers are in.. 

 

When its on the internet, the IPSEC SA is formed, ISAKMP SA is also getting formed. We see the RAP up on the controller for about 1:30 minutes & goes down forever. 

 

Is it mandatory to have a PEFNG license in order to bring up an RAP-2WG?

Guru Elite
Posts: 20,978
Registered: ‎03-29-2007

Re: RAP2-WG across WAN through a checkpoint firewall.

Hopefully, you don't have the static NAT pointing to the VRRP address, because having a NAT pointint to a VRRP does not work with firewalls.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: