[FW1] VPN and NAT Question
> Hi
>
> I have a problem with setting up a VPN and NAT.
>
> Have two Firewall-1 VPN's 4.1 SP1, NT Servers. Each residing at separate offices. We have configured the VPN option on both and have successfully exchanged Certificates/Keys.
>
> Firewall A has three network cards in, one attached to the internet with a valid IP address and two with IP addresses for two subnets 192.168.1.0 and 192.168.2.0 (i.e. 1.254 and 2.254)
>
> Firewall B has two network cards, one attached to the internet with a valid IP address and one with an IP address (192.168.3.254) for the subnet 192.168.3.0
>
> We have two problems..
>
> the first is that we cannot ping a server we have set up with NAT on our 3.0 network from the Internet, (even with all firewall rules relaxed i.e. allow everything)
> If we ping the valid internet address of the server from the console on Firewall B, it resolves and replies.
>
> The second, more important problem is..
>
> how do I route encrypted traffic from Firewall A to Firewall B using the VPN - i.e. say my IP address is 192.168.1.200 on Firewall A and I want to speak to host 192.168.3.50 at the other office - what do I do? I have set the rule base up to encrypt traffic either way using a group (i.e. grouping Networks 192.168.1.0 and 192.168.2.0 on Firewall A and 192.168.3.0 on Firewall B, allowing any traffic to be encrypted). So I think according to the manual the VPN seems to be okay.
>
> It's just, I don't understand how you route traffic from say our 192.168.1.0 network on Firewall 1 to a server in the 192.168.3.0 network on Firewall 2. Normally, it is easy to do with the Firewall using 'route add' at the NT command prompt.
>
> The problem I have now is, how and where do I tell the Firewall A NT server how to route an invalid 192.168.3.x address to the Firewall B NT server over the internet. And, if I was successful in doing this, how do I ensure that when it gets to Firewall B, the firewall there can route 192.168.3.x traffic.
>
> I guess what I am asking is, what is the process, from me typing 192.168.3.50 behind Firewall A to it getting passed via the VPN to Firewall B?
>
> Our configuration is set up so that it treats Firewall B as an external network as per page 67 in the VPN Guide.
>
> Please help. Even if it is a referral to a page in any of the Checkpoint books. I cannot find it!
>
> Thanks George

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================