[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Multiple routers
Robert, After trying to view your ASCII art(which didn't come through very well), I need to ask if you have tried to communicate from the end device(int WAN rtr) to the outside device? Does your fw log anything out of the ordinary? Ping and traceroute wait for return packets. Your systems may know how to route 'inward', but they may not know how to route 'outward'(ex. a traceroute could make it all the way in, but the return packet may die 2 hops away from the return destination, because that device didn't know where to send packet.) I usually will go to the device that the traceroute reported last and start my analysis from there. Lather, rinse and repeat until you have found the culprit. Let us know. Robert - - Robert P. MacDonald, Network Engineer Team Lead, e-Business Infrastructure G o r d o n F o o d S e r v i c e Voice:email: [email protected] >>> "Spottsville, Robert" <[email protected]> 11/15/00 5:55:01 PM >>> > >A rough outline of my network follows: > > > >Internet <--------> Router <----------> (Internet routable IP address) >Firewall (192.x.x.1) <-----------> (192.x.x.2) Internal Router >(175.x.x.1)<---------> Internal Network > > | >(210.x.x.1) | (10.x.x.2) > | >| > | >| > | >| > > DMZ >Internal WAN Router ( 10.x.x.1) > >This is my problem. I've set up a VPN that has included both our Internal >Network (with the appropriate Network Objects defining the network's >addresses) and the Network Objects encompassing the WAN (i.e. Network >addresses), along with the appropriate rule base allowing access to my >Encryption Domain. In attempting to access hosts that are on the Internal >WAN, packets don't leave the above illustrated Internal WAN Router. I've >confirmed this by both pinging and doing traceroutes to these hosts, in each >case they die at the Internal WAN Router. With this sketchy diagram does >anyone have any thoughts as to what might be the problem. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|