[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] FW does NAT but should not
Hans, Take a look at the Address Translation/NAT tab in the fw GUI. That should tell you what is being NATted. Robert - - Robert P. MacDonald, Network Engineer Team Lead, e-Business Infrastructure G o r d o n F o o d S e r v i c e Voice:email: [email protected] >>> Hans-Joachim Hoetger <[email protected]> 11/14/00 11:34:46 AM >>> > >Hello >I'm sitting in front of a very strange problem. There are >two ciscos connected to my firewall. Lets say c1 and c2. >They are talking to each other over a GRE tunnel. (ip_p 47) >Everything works well, if c1 is sending to c2. The problem >is as follows: The packets from c2 to c1 are NATted. (they >hide behind the external IF of the firewall. There is >shurely no rule that enforces this. >Some tech. details: >FW-1 Build 41716 [VPN + DES + STRONG] running on Solaris 7 >defaultroute poits to qfe0 >c1 can be reached over qfe0 >c2 is connected to qfe1 > >If i snoop on qfe1, the (incoming) packets have the right >SRC and DST. If i snoop on qfe0 (outgoing), the packets have >the right DST, but SRC is set to the address of the firewall >Interface qfe0. > >What can i do about this? ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|