Keeping Phase 1 always connected.... 1

[LedZepRock]

Hi

Odd one this... I have a client that wishes to setup a VPN connection between his PIX and our Checkpoint, now the VPN is no trouble but he is asking that the Phase 1 part of the VPN be kept "always connected", I am unsure to what his motives for this is!! It is a failover system that will be only rarely used, so its not the overhead of negotiation, I am really unsure, so I have 2 questions...

1, Can the checkpoint be configured to work like this??

2, Am I missing something about why keeping it always on is a good idea????

Any thoughts would be great.

Thanks
Simon

 

[ChrisAC]

1, Can the checkpoint be configured to work like this??"

I doubt it! I also doubt that the pix would work this way.

"2, Am I missing something about why keeping it always on is a good idea????"

There is no reason at all that you would need this.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[LedZepRock]

Thanks

I had come to the same answers (I also use the PIX here), but when somebody keeps pushing this you start to doubt what you thought to be correct.

My client has since admited that the person there end who is pushing this has just been on a course and has never configured one live before, so it all makes much more sense now

Thanks for the confirmation though.

Simon