RE: static arps for multicast mac addresses

From: Tracy Blackmore (TracyB@xxxxxxxxx)
Date: Tue Nov 06 2001 - 10:59:46 GMT-3


   
John;

As they said, this should normally work. I have built many ARP tables on a
CheckPoint box and never had a problem. As a MAC is Layer-2 only, I don't
see what the difference between a Multicast MAC and a Unicast MAC would be
on the Solaris box. I did find this documentation for you:

Firewall-1 does not treat multicast as a special case, so for
VPN-1/FireWall-1, a multicast packet is simply an IP packet with a
class D (224.0.0.0 - 239.255.255.255) destination address.

Ask them to attempt loading their ARP table with the multicast MAC and see
what happens. As well, have them call me if they need help :)

Tracy W. Blackmore
Senior Security Engineer
T.S. Lad Consulting
1026 East Stanford Avenue
Gilbert, Arizona, 85234

 -----Original Message-----
From: John Elias [mailto:jelias_@hotmail.com]
Sent: Tuesday, November 06, 2001 6:33 AM
To: ccielab@groupstudy.com
Subject: OT: static arps for multicast mac addresses

Guys,
    I have a customer who is using 2 sun boxes running checkpoint firewall
connected with a hub to our router, then out to the internet. They are both
running as primary and are sharing a virtual ip and mac address. The
customer wants us to statically arp map 140 ips to mac addresses on the
router, which we are not willing to do as per upper management. I suggested
he try to implement it on his own box and arp them to us. He has informed
me that his firewall people told him that under normal conditions it would
work but since they are looking to arp map ips to multicast mac addresses it
would not work. Firewall guy says that cisco routers do this on purpose so
as not to use the multicast mac addresses on the internet.

1. Is this true?
2. Is there any documentation on this? (Looked and did not find any)

John E.
CCIE #8150


