Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Multiple routers

To: <[email protected]>, <[email protected]>
Subject: Re: [FW1] Multiple routers
From: "Robert MacDonald" <[email protected]>
Date: Thu, 16 Nov 2000 07:43:29 -0500
Sender: [email protected]

Robert,

After trying to view your ASCII art(which didn't come
through very well), I need to ask if you have tried
to communicate from the end device(int WAN rtr)
to the outside device? Does your fw log anything
out of the ordinary?

Ping and traceroute wait for return packets. Your
systems may know how to route 'inward', but they
may not know how to route 'outward'(ex. a traceroute
could make it all the way in, but the return packet
may die 2 hops away from the return destination,
because that device didn't know where to send
packet.)

I usually will go to the device that the traceroute
reported last and start my analysis from there.

Lather, rinse and repeat until you have found
the culprit.

Let us know.
Robert

- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice:email: [email protected]

>>> "Spottsville, Robert" <[email protected]> 11/15/00 5:55:01 PM >>>
>
>A rough outline of my network follows:
> 
>
>                                    
>Internet  <-------->  Router  <---------->  (Internet routable IP address)
>Firewall  (192.x.x.1) <-----------> (192.x.x.2) Internal Router
>(175.x.x.1)<--------->  Internal Network
> 
>                                                              |
>(210.x.x.1)                | (10.x.x.2)
>                                                              |
>|
>                                                              |
>|
>                                                              |
>|
>                                                            
>                                                            DMZ
>Internal WAN Router ( 10.x.x.1)
>
>This is my problem.  I've set up a VPN that has included both our Internal
>Network (with the appropriate Network Objects defining the network's
>addresses) and the Network Objects encompassing the WAN (i.e. Network
>addresses), along with the appropriate rule base allowing access to my
>Encryption Domain.  In attempting to access hosts that are on the Internal
>WAN, packets don't leave the above illustrated Internal WAN Router.  I've
>confirmed this by both pinging and doing traceroutes to these hosts, in each
>case they die at the Internal WAN Router.   With this sketchy diagram does
>anyone have any thoughts as to what might be the problem.




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] errors in eventlog
Next by Date: Re: [FW1] SecuRemote and NDIS/WAN
Previous by thread: [FW1] Multiple routers
Next by thread: [FW1] 554 Mailbox unavailable
Index(es):
- Date
- Thread