[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] FW does NAT but should not
Hello I'm sitting in front of a very strange problem. There are two ciscos connected to my firewall. Lets say c1 and c2. They are talking to each other over a GRE tunnel. (ip_p 47) Everything works well, if c1 is sending to c2. The problem is as follows: The packets from c2 to c1 are NATted. (they hide behind the external IF of the firewall. There is shurely no rule that enforces this. Some tech. details: FW-1 Build 41716 [VPN + DES + STRONG] running on Solaris 7 defaultroute poits to qfe0 c1 can be reached over qfe0 c2 is connected to qfe1 If i snoop on qfe1, the (incoming) packets have the right SRC and DST. If i snoop on qfe0 (outgoing), the packets have the right DST, but SRC is set to the address of the firewall Interface qfe0. What can i do about this? -- Hans-Joachim Hoetger voice: +49-5241-80-88990 mediaWays GmbH NMW-T1 (Technologie) "Gut ist auch des Emporkommen von Linux als Herausforderer von Microsoft." Angela Merkel (Die Zeit, 4.Mai 2000) ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|