
[FW1] IKE packets do not follow static route, TCP does (FW1-4.1VPN, Solaris)





I have a weird problem on FW1 4.1 SP2 on a Sun Solaris box.

For testing purposes I have added a test router on my external segment and
simulated the addresses of a future remote site behind that router. I have a test
system with 4.1 SP2 on an NT box behind the test router. This should allow me to
configure the test system before having it shipped to its future destination.

To make sure packets for the test system are sent to the test router and not to
the Internet, I have added a route on the Solaris box with route add -host
host_address gateway_address.

The weird thing is that TCP traffic (say, install of policies, or transfer of
logs) works fine, but the Sun box sends the IPSec traffic to the Internet router,
totally ignoring my static route. I can clearly see that by snooping the MAC
destination address on the packets that leave the external interface. TCP and UDP
packets have the MAC destination of the test router, IKE packets have the MAC
address of the Internet router. Ping and traceroute also work as expected.

My question is:

  - What prevents CP FW1 from sending IPSec packets to the gateway registered in the
    Sun's routing table? Is this application related (e.g. does CP-FW1 do its own
    routing) or is it Solaris related?

Any help greatly appreciated.

  Philippe Oechslin




   All contents © 2004 Network Presence, LLC. All rights reserved.