|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW1] NAT Problems
It is version 4.0 Build 4031, and we are using ISAKMP/Oakley, DES w/ MD5
using a Preshared secret. I know its not a recent build, but I just got
tossed into doing this.
Any help would be greatly appreciated.
Thanks again!
From: CryptoTech <[email protected]>
To: Derek <[email protected]>
CC: [email protected]
Subject: Re: [FW1] NAT Problems
Date: Tue, 21 Nov 2000 21:01:26 -0500
Derek,
Can you give a few more details like the 4.0 build level (fw ver -k) and
the encryption
type you use from site to site?
NAT is not common to use in site to site vpn's. It can be done, but it is
tricky.
Thx,
CryptoTech
"Derek " wrote:
> I'm having an odd problem with my FW-1. It is version 4.0 on Solaris
2.6.
>
> When I am using a certain appication and sending large amounts of data,
the
> firewall tries to re-key with the firewall at the other end during the
> middle of the transfer, the for some reason my firewall starts sending
the
> internal IP address of the computer on our network instead of sending
the
> NAT address. When it does this, I see a drop for the internal IP
address in
> my firewall log, and the guy at the other end sees my internal address
> instead of the NATed address so it is dropped on his end also.
>
> For example:
>
> Say the IP address of my computer is 192.168.0.125 and it is NATed to
> 216.100.100.33, when it starts the communication with the other firewall
to
> encrypt the data it sends over 216.100.100.33 starts doing its thing,
then
> it reinstalls the key with the other firewall during the transfer, and
> starts sending 192.168.0.125 out instead of the correct address.
>
> I hope I explained it good. Any ideas?
>
> Thanks in advance!
_____________________________________________________________________________________
Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|