[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] NAT Question
There are a couple of ways to approach this. I prefer, however, not to run traffic in and out of a routing device or firewall unnecessarily. That is, I don't like to bounce traffic off the firewall and back into the internal network when the destination host is simply a piece of wire away. Since they're using Exchange, they're probably running NT internally. If possible, set up hosts files to indicate the actual private address. (NT experts: can you do this in a DHCP scope?) Otherwise, use manual translation to tell the firewall to translate traffic from the internal network to the exchange server to the exchange server's private address. Kind of clumsy, but it works. source: internal_net destination:Exchange_Public_Address xlate source: internal net xlate destination: Exchange_Private_Address. Michael J Lawrence CISSP CCSI -----Original Message----- From: Kondisetty, Sudhir [SMTP:[email protected]] Sent: Tuesday, May 15, 2001 9:18 AM To: '[email protected]' Subject: [FW1] NAT Question Hello all, I'm helping a company upgrade their CheckPoint firewall. They have an Exchange server on their internal network running Outlook Web Access (OWA). Though they have plans to move it to their DMZ, for now they have to keep it on their internal network. The firewall is performing address translation on the server. The outside world and dmz access it fine. However, the internal hosts are having trouble accessing it. The DNS server the client is using is returning the valid (translated) address, not the actual (internal)address. If I traceroute the translated address, the path looks correct - client>router>firewall>router>server. However, they are not able to access the server via http. If I have them type in the actual address in the URL, they have no problem. Any ideas? Thanks! Sudhir ======================================================================== ======== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ======== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|