| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| We have a Nokia cluster running in forwarding mode/load sharing. We have the general properties of each node configured for the internal IP address of each member. But the cluster general properties page is set to an address from the clustering interface, which is different to the physical nodes. Now the problem we have with this is that some hide NAT rules say to hide behind the gateway of the cluster or default to this cluster IP address when going out to the internet, which is causing us problems. The ones that NAT to the wrong address are shown as NAT install on gateway rdenk3 but the ones that are good are install on all gateways. I don't understand why this happens within the cluster? We also have a lot of VPN issues that may be affected by this. We have set the specific IP address up for VPNs under the advanced link selection tab so this may not be true. What we have seen is if we do a ping test from the firewall the address should be sent out of the external interface and given the hide address of the cluster, but because of the general properties page of the cluster virtual IP address the firewall is NAT'ing it to this cluster IP address and this is failing as it's a private address. What should the general properties page say for the virtual IP of the cluster member? I've enclosed some screenshots too. Many Thanks Sam |
| |||
| In my experience it's conventional to use the Cluster's EXTERNAL "Backup" (VIP) address (this is the VRRP BACKUP ADDRESS from Voyager) on the General Tab of the Cluster Object. In your diagram it's a 192.168.x.x address, which to me indicates this is an Internal Reserved (or private) address. The HIDE NAT Address used on your cluster should be your cluster's EXTERNAL address. Also, is your Cluster's Topology Tab correctly configured? |
| |||
| The cluster's topology tabs all seem correct but the General tab of the cluster is the cluster's Primary Clustering sync IP address. The IP addresses of the physical boxes are the actual IP addresses on the management interfaces. I am thinking that the general properties should be as follows: If the external addresses are say fw1=81.1.1.1 fw2=81.1.1.2 fwcluster=81.1.1.3 then this is what should be on the general properties page of the nodes? We actually have a primary and a secondary clustering interface and we are using the nodes in an active active forwarding type scenario. This makes troubleshooting quite difficult. Maybe we should switch to active/standby? What seems to happen is that when packets leave the firewall they are being sent out as the internal cluster interface IP address as this is the general properties IP address, I'm guessing. This is what is being used for all our NAT under the hide behind gateway address. We have definitely got this setup wrong, I'm just not sure of the best way to sort it. Thanks Sam |