
Re: [FW1] FW does NAT but should not



On Tue, Nov 14, 2000 at 11:54:02AM -0500, Robert MacDonald wrote:
> 
> Take a look at the Address Translation/NAT tab in the fw GUI.
> That should tell you what is being NATted.
> 

Hello
As I said, there is surely nothing that enforces this NAT.
Meanwhile we found out a bit more: The problem seems to 
originate from GRE. We told the Ciscos to use IP-encapsulated
(ip_p 4) for the tunnel instead of GRE and everything works fine. 
It seems to me as if I have discovered a BUG in FW-1. :-(



> 
> >>> Hans-Joachim Hoetger <[email protected]> 11/14/00 11:34:46 AM >>>
> >
> >Hello
> >I'm sitting in front of a very strange problem. There are
> >two Ciscos connected to my firewall. Let's say c1 and c2.
> >They are talking to each other over a GRE tunnel. (ip_p 47)
> >Everything works well if c1 is sending to c2. The problem
> >is as follows: The packets from c2 to c1 are NATted. (They 
> >hide behind the external IF of the firewall.) There is 
> >surely no rule that enforces this. 
> >Some tech. details:
> >FW-1 Build 41716 [VPN + DES + STRONG] running on Solaris 7
> >default route points to qfe0
> >c1 can be reached over qfe0
> >c2 is connected to qfe1
> >
> >If I snoop on qfe1, the (incoming) packets have the right
> >SRC and DST. If I snoop on qfe0 (outgoing), the packets have
> >the right DST, but SRC is set to the address of the firewall
> >interface qfe0.
> >
> >What can I do about this?
> 

-- 
Hans-Joachim Hoetger              voice: +49-5241-80-88990
mediaWays GmbH                        NMW-T1 (Technologie)

"The rise of Linux as a challenger to Microsoft is also 
a good thing."      Angela Merkel (Die Zeit, May 4, 2000)
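
The two-interface capture comparison described in the message above (correct SRC on qfe1, rewritten SRC on qfe0), as an added example that is not part of the original post: it pairs packets seen on both sides of a firewall and reports any whose source address changed, grouped by IP protocol. The addresses (documentation ranges), the function names and the pairing key (protocol, IP ID, destination) are assumptions made for this illustration.

```python
import socket
import struct

GRE, IPIP = 47, 4  # IP protocol numbers named in the thread

def ipv4_header(src, dst, proto, ident):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def parse(pkt):
    """Return (proto, ident, src, dst) from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    fields = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ident, proto, src, dst = fields[3], fields[6], fields[8], fields[9]
    return proto, ident, socket.inet_ntoa(src), socket.inet_ntoa(dst)

def find_rewritten_sources(inbound, outbound):
    """Pair packets captured on the inbound and outbound interfaces.

    Assumption: address translation leaves protocol, IP ID and destination
    untouched, so those three fields identify the same packet on both sides.
    """
    seen = {}
    for pkt in inbound:
        proto, ident, src, dst = parse(pkt)
        seen[(proto, ident, dst)] = src
    findings = []
    for pkt in outbound:
        proto, ident, src, dst = parse(pkt)
        before = seen.get((proto, ident, dst))
        if before is not None and before != src:
            findings.append({"proto": proto, "id": ident, "dst": dst,
                             "before": before, "after": src})
    return findings

# Constructed sample data: c2 = 192.0.2.10, c1 = 198.51.100.20,
# firewall external interface = 203.0.113.1 (all hypothetical).
C2, C1, FW = "192.0.2.10", "198.51.100.20", "203.0.113.1"
INBOUND = [ipv4_header(C2, C1, GRE, 100), ipv4_header(C2, C1, IPIP, 101)]
OUTBOUND = [ipv4_header(FW, C1, GRE, 100), ipv4_header(C2, C1, IPIP, 101)]

if __name__ == "__main__":
    for f in find_rewritten_sources(INBOUND, OUTBOUND):
        print("proto %(proto)d id %(id)d: %(before)s -> %(after)s (dst %(dst)s)" % f)
```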

