NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] NAT Problems




It is version 4.0 Build 4031, and we are using ISAKMP/Oakley, DES w/ MD5 using a Preshared secret. I know its not a recent build, but I just got tossed into doing this.


Any help would be greatly appreciated.

Thanks again!

From: CryptoTech <[email protected]>
To: Derek   <[email protected]>
CC: [email protected]
Subject: Re: [FW1] NAT Problems
Date: Tue, 21 Nov 2000 21:01:26 -0500

Derek,
Can you give a few more details like the 4.0 build level (fw ver -k) and the encryption
type you use from site to site?


NAT is not common to use in site to site vpn's. It can be done, but it is tricky.

Thx,
CryptoTech

"Derek " wrote:

> I'm having an odd problem with my FW-1. It is version 4.0 on Solaris 2.6.
>
> When I am using a certain appication and sending large amounts of data, the
> firewall tries to re-key with the firewall at the other end during the
> middle of the transfer, the for some reason my firewall starts sending the
> internal IP address of the computer on our network instead of sending the
> NAT address. When it does this, I see a drop for the internal IP address in
> my firewall log, and the guy at the other end sees my internal address
> instead of the NATed address so it is dropped on his end also.
>
> For example:
>
> Say the IP address of my computer is 192.168.0.125 and it is NATed to
> 216.100.100.33, when it starts the communication with the other firewall to
> encrypt the data it sends over 216.100.100.33 starts doing its thing, then
> it reinstalls the key with the other firewall during the transfer, and
> starts sending 192.168.0.125 out instead of the correct address.
>
> I hope I explained it good. Any ideas?
>
> Thanks in advance!


_____________________________________________________________________________________
Get more from the Web.  FREE MSN Explorer download : http://explorer.msn.com



================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.