Re: [FW1] SR Encrypt Domain, Subnet question
There's a function within FW-1 4.1 called NAT pooling - try enabling that.

What it does is assign your SR clients an illegal IP address from a pool of addresses (in your case - some range within the 172.1.0.0 subnet) that you can configure on your firewall's SR interface. By assigning a pooled address to the VPN SR connection, the data packets know where to return to each SR client and don't head off unencrypted through your internal network's default gateway.

Hope this helps.

Ashleigh Martin
Systems Engineer
DATA#3 Limited
Ph: +61 3 9864 2000
Fx: +61 3 9864 2099
mailto: [email protected]
Web Site: http://www.data3.com.au

Tom Sevy <[email protected]>
Sent by: [email protected] kpoint.com
To: "FWList (E-mail)" <[email protected]>
cc:
Subject: [FW1] SR Encrypt Domain, Subnet question
16/01/2001 03:31 AM

We have added a new subnet that is not local to the Firewall. A network Object has been created for this LAN (Class B RFC 1918 172.16.0.0). And the firewall (IP440) knows the route to reach this segment. The network object has been added to the Encryption Group.

However, [using SR on W2K] traffic sent to 172.16.x.x does not go through SR and goes right out the default router unencrypted.

Did I miss any steps here? SR can reach everything else that is local to the FW.

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================