|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] SR behind NAting device
I had the pleasure of doing this in a lab with a Check Point SE in its early stages, and indeed the original address should show up. The logging for this is coming from the encryption kernel which receives its input from the encapsulation handler. Just an explanation, not a solution, CryptoTech Yim Lee wrote: > I talked with CheckPoint and this is a known problem. > Currently, there is no known fix. > > Yim > --- Idan Dolev <[email protected]> wrote: > > > > some additional info : > > > > my network is ; > > > > station A-----firewall A----firewall B------station > > B > > > > LAN A is 10.0.0.0 LAN B 11.0.0.0 between A and B is > > 13.0.0.0. > > I am trying from station B to get to station A. > > Firewall B is hiding my station B ( HIDE NAT ) > > When I do site update I can authenticated > > successfully. and I see over in > > firewall A log the ip address of firewall A as the > > resource for the > > connection. > > When I try to connect to station A after the > > authentication I see in > > firewall A log my ORIGINAL IP of my station ????? > > of course when I add a route to firewall A to my > > original ip - everything > > works....... > > > > Is the right behavior ? should I see the original ip > > address of my station > > ??? > > > > Has anybody had a good experience with sp2 and udp > > encapsulation ?? > > > > Idan > > > > -----Original Message----- > > From: Idan Dolev [mailto:[email protected]] > > Sent: Thursday, November 30, 2000 11:39 AM > > To: Firewall_Mailing_List (E-mail) > > Subject: [FW1] SR behind NAting device > > > > > > > > > > > > > Hi guys, > > > > > > Well I am testing out the SR behind natted device > > and it seems not to work > > > for me.... > > > I can download the topology just fine, and as far > > as I read I should not > > > make any changes, it should automatically. > > > Any suggestions ? after installing sp2 the > > vpn1_encapsulation is already > > > defined plus the 2746 service. and I checked with > > or without the force > > > udp in the client > > it seems fine with topology but as soon as I try to > > connect I see in the > > firewall log the real invalid clients address....... > > > > > > > Idan > > > > > > > ============================================================================ > > ==== > > To unsubscribe from this mailing list, please > > see the instructions at > > > > http://www.checkpoint.com/services/mailing.html > > > ============================================================================ > > ==== > > > > > > > ================================================================================ > > To unsubscribe from this mailing list, please > > see the instructions at > > > > http://www.checkpoint.com/services/mailing.html > > > ================================================================================ > > __________________________________________________ > Do You Yahoo!? > Yahoo! Shopping - Thousands of Stores. Millions of Products. > http://shopping.yahoo.com/ > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
