
[FW1] FW does NAT but should not



Hello
I'm sitting in front of a very strange problem. There are
two Ciscos connected to my firewall. Let's say c1 and c2.
They are talking to each other over a GRE tunnel (ip_p 47).
Everything works well if c1 is sending to c2. The problem
is as follows: The packets from c2 to c1 are NATted (they
hide behind the external IF of the firewall). There is
surely no rule that enforces this.
Some tech. details:
FW-1 Build 41716 [VPN + DES + STRONG] running on Solaris 7
default route points to qfe0
c1 can be reached over qfe0
c2 is connected to qfe1

If I snoop on qfe1, the (incoming) packets have the right
SRC and DST. If I snoop on qfe0 (outgoing), the packets have
the right DST, but SRC is set to the address of the firewall
interface qfe0.

What can I do about this?
-- 
Hans-Joachim Hoetger              voice: +49-5241-80-88990
mediaWays GmbH                        NMW-T1 (Technologie)

"Also good is the rise of Linux as a challenger
to Microsoft."       Angela Merkel (Die Zeit, 4 May 2000)

