
RE: [FW1] Anti-Spoofing Configuration



I assume you're talking about an external NAT on the firewall, such that the
packet would need to "bounce off" the firewall and come back in on the NAT'd
address.

If so, I have never ever seen this work either.  I've tested on Checkpoint,
Watchguard, and PIX, all with the same result.  I suspect it has to do with
the asymmetry of a hide-mode outbound NAT coming back in through a different
address, such that the firewall can't match it in the state table.

We work around the issue by creating internal DNS entries to go straight at
the resources we need.

Anyone have a better/more accurate/more thorough explanation?

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc.
The work/life solution for corporate thought leaders


-----Original Message-----
From: John Delano [mailto:[email protected]]
Sent: Wednesday, December 06, 2000 9:18 AM
To: [email protected]
Subject: [FW1] Anti-Spoofing Configuration



From my internal network, if I try to connect to a device on the same
internal network using the NATed address, it does not work.  I have followed
rules on phoneboy regarding this issue, but have had no success.  This
applies to my web server and my mail server.  Has anyone dealt with this
problem, or can offer any other suggestions?

Regards,  

John Delano



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
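
The scenario discussed in this thread, as an added example that is not part of the original messages: a toy model of an internal client reaching an internal server through its NAT'd address, compared with the internal-DNS workaround. It assumes the firewall applies destination NAT only and that the server answers a same-subnet source directly; all addresses and function names are constructed for illustration.

```python
"""Toy model: internal client -> internal server via its NAT'd address.
All addresses are constructed; the firewall is ASSUMED to do destination NAT only."""
from ipaddress import ip_address, ip_network

LAN = ip_network("10.1.1.0/24")          # constructed internal network
CLIENT = ip_address("10.1.1.50")         # constructed internal client
SERVER_REAL = ip_address("10.1.1.10")    # constructed server, real address
SERVER_NAT = ip_address("192.0.2.10")    # constructed NAT'd address
STATIC_NAT = {SERVER_NAT: SERVER_REAL}   # firewall's destination NAT table


def firewall_forward(src, dst):
    """Assumed behaviour: rewrite the destination only, leave the source alone."""
    return src, STATIC_NAT.get(dst, dst)


def server_reply(src, dst):
    """Server answers the source it saw: (reply_src, reply_dst, via_firewall)."""
    # A source on the server's own subnet is reached directly, not via the gateway.
    return dst, src, src not in LAN


def connect(client, target):
    """Return (established, reason) for a client connecting to target."""
    expected_peer = target                  # client expects replies from this address
    if target in LAN:
        src, dst = client, target           # same subnet: never touches the firewall
    else:
        src, dst = firewall_forward(client, target)
    reply_src, _reply_dst, via_fw = server_reply(src, dst)
    if via_fw:
        # Reply crosses the firewall, which reverses the translation.
        reverse = {real: nat for nat, real in STATIC_NAT.items()}
        reply_src = reverse.get(reply_src, reply_src)
    if reply_src != expected_peer:
        return False, f"reply from {reply_src}, client expected {expected_peer}"
    return True, f"reply from {reply_src} matches"


if __name__ == "__main__":
    print("internal, NAT'd address :", connect(CLIENT, SERVER_NAT))
    print("internal, internal DNS  :", connect(CLIENT, SERVER_REAL))
    print("external, NAT'd address :", connect(ip_address("198.51.100.7"), SERVER_NAT))
```

Under these assumptions only the internal client using the NAT'd address fails, because the reply reaches it from the server's real address without passing back through the firewall.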





 
----------------------------------

All contents © 2003 Network Presence, LLC. All rights reserved.