
[FW1] VPN Source Address Issue



 I've got an IKE 3DES VPN over the internet working between two sites. 
Both sites form part of an illegal addressing scheme (but are compatible
with each other) e.g. one is 17.1.x.x and the other is 17.2.x.x.  Both have
FW-1 4.1 SP2 devices connecting to the internet, with an internal 17.x.x.x
interface and an external ISP-assigned interface.  One site is
self-contained, the other forms part of a much larger WAN environment.
 
 It all works fine whilst the default gateway for the hosts either side is
the firewall itself, but when I tried to connect to other subnets connected
to the large WAN environment it failed.  On investigation this was because
the packets from the 17.1.x.x network exiting the firewall on the 17.2.x.x
network did not have the original 171.1.x.x source address, but instead
still had the internet facing address of the original firewall, which is
non-routable to the internal network.
 
 Is there any way to get the packets "truly" encapsulated, such that when
they exit the firewall they have the original source IP address, which is
what I need in this instance to route them back?
 
 Hope this is a reasonably clear explanation.
 
 Neil Pike 
 Protech Computing Ltd

 

