
Re: [FW1] FW does NAT but should not



Also try putting a keep original rule at the top of your NAT rulebase.
Andrew Bagrin
Secure-1
www.secure-1.com
----- Original Message -----
From: Hans-Joachim Hoetger <[email protected]>
To: <[email protected]>
Sent: Tuesday, November 14, 2000 12:39 PM
Subject: Re: [FW1] FW does NAT but should not


>
> On Tue, Nov 14, 2000 at 11:54:02AM -0500, Robert MacDonald wrote:
> >
> > Take a look at the Address Translation/NAT tab in the fw GUI.
> > That should tell you what is being NATted.
> >
>
> Hello
> As I said, there is surely nothing that enforces this NAT.
> Meanwhile we found out a bit more: The problem seems to be
> originated by GRE. We told the ciscos to use IP-encapsulated
> (ip_p 4) for the tunnel instead of GRE and everything works fine.
> It seems to me, as if I have discovered a BUG in FW-1. :-(
>
>
>
> >
> > >>> Hans-Joachim Hoetger <[email protected]> 11/14/00 11:34:46 AM >>>
> > >
> > >Hello
> > >I'm sitting in front of a very strange problem. There are
> > >two ciscos connected to my firewall. Let's say c1 and c2.
> > >They are talking to each other over a GRE tunnel. (ip_p 47)
> > >Everything works well, if c1 is sending to c2. The problem
> > >is as follows: The packets from c2 to c1 are NATted. (they
> > >hide behind the external IF of the firewall.) There is
> > >surely no rule that enforces this.
> > >Some tech. details:
> > >FW-1 Build 41716 [VPN + DES + STRONG] running on Solaris 7
> > >defaultroute points to qfe0
> > >c1 can be reached over qfe0
> > >c2 is connected to qfe1
> > >
> > >If I snoop on qfe1, the (incoming) packets have the right
> > >SRC and DST. If I snoop on qfe0 (outgoing), the packets have
> > >the right DST, but SRC is set to the address of the firewall
> > >Interface qfe0.
> > >
> > >What can I do about this?
> >
>
> --
> Hans-Joachim Hoetger              voice: +49-5241-80-88990
> mediaWays GmbH                        NMW-T1 (Technologie)
>
> "The rise of Linux as a challenger to Microsoft is also
> a good thing."        Angela Merkel (Die Zeit, 4 May 2000)
>
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
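
The comparison described in the original post (snoop on qfe1 versus snoop on qfe0), as an added example that is not part of the thread: it pairs IPv4 headers seen on the inbound and outbound interfaces and reports any whose source address changed, per IP protocol. The addresses are constructed documentation-range values, the helper names are hypothetical, and matching on the IP ID field assumes the firewall leaves that field unchanged when it translates.

```python
import socket
import struct

GRE, IPIP = 47, 4  # IP protocol numbers named in the thread (ip_p 47, ip_p 4)

def ipv4_header(proto, src, dst, ident):
    """Build a bare 20-byte IPv4 header (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def parse(pkt):
    """Return (ident, proto, src, dst) from a raw IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ident = struct.unpack_from("!H", pkt, 4)[0]
    return ident, pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])

def find_source_rewrites(ingress, egress):
    """Pair packets seen on both interfaces by (IP ID, protocol, destination)
    and report the ones whose source address changed in between."""
    seen = {}
    for pkt in ingress:
        ident, proto, src, dst = parse(pkt)
        seen[(ident, proto, dst)] = src
    rewrites = []
    for pkt in egress:
        ident, proto, src, dst = parse(pkt)
        before = seen.get((ident, proto, dst))
        if before is not None and before != src:
            rewrites.append({"proto": proto, "id": ident, "before": before, "after": src})
    return rewrites

# Constructed addresses (documentation ranges), not taken from the thread.
C1, C2, FW_QFE0 = "198.51.100.1", "192.0.2.2", "203.0.113.1"

def sample_captures():
    """Headers as they would appear on qfe1 (in) and qfe0 (out) for the reported symptom."""
    qfe1_in = [ipv4_header(GRE, C2, C1, 1001), ipv4_header(IPIP, C2, C1, 1002)]
    qfe0_out = [ipv4_header(GRE, FW_QFE0, C1, 1001), ipv4_header(IPIP, C2, C1, 1002)]
    return qfe1_in, qfe0_out

if __name__ == "__main__":
    for hit in find_source_rewrites(*sample_captures()):
        print(hit)
```

On the constructed sample only the protocol 47 packet is reported, which is the pattern the thread describes: GRE leaves qfe0 with the firewall's address as source while the ip_p 4 tunnel passes untranslated.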






 
   All contents © 2004 Network Presence, LLC. All rights reserved.