Re: [FW1] Destination Net Unreachable - local interface

["Barry W. Kokotailo" <merlin@FW1-NOSPAMathabascau.ca>]

My suggestions:

1) Sit on the firewall and see if you can ping machines on the dmz and internal.
 
2) If you can, ping from the dmz to the internal.

3) Ping from the internal to the dmz.

4) Check that the defaault routes are in place on the internal network.

5) Make sure the internal machines have route set to point to how to get to the dmz.

Hope this helps.

merlin
 
 

Chuck Melanson wrote:

Hello All,

I have a problem with a customer firewall, it says that one of the nets
that are directly connected are "unreachable".

        External
        x.x.x.x

                        DMZ - 172.16.254.x

        Internal
        192.212.123.x

Traffic from DMZ to Internal works fine, but on the internal net,
traffic to the DMZ gets a response back from the FW with destination
unreachable.

No anti-spoofing is in place, address translation for internal to dmz is
ANY ANY ORIGINAL, the route on the fw says anything for the 172.16.254.x
net go to that interface of the fw.

Traffic the other way works without problem.

FW module: 4.1 Sp2 on NT

I have never seen NT spit up a destination unreachable for a connected
network before...any ideas?

Chuck.

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================

-- 
Barry W. Kokotailo
Senior Unix Systems AdministratorPGP =  71 71 96 A3 C0 C2 23 7A  23 4E D4 04 8C E0 42 6B  B0 2D D1 A5