[FW1] IP Pool Nat for securemote not working on linux
I have the following problem with my VPN-1 gateway 4.1 SP1 running on Linux Redhat 6.0 (kernel 2.2.5-15).

I have configured it to use IP Pool Nat for securemote users. I have set up a range of 3 addresses for that. I have also added arp entries (arp -s ip mac pub). The 3 addresses are in the same subnet as the encryption domain so that there is no routing issue.

But when I try to connect to one machine of the encryption domain, the IP I see is the original IP address of the securemote, not an address of the Nat pool.

I have set up the same (but with SP2) on an NT machine and it works!

When I look in the objects.C, I see the following differences in the definition of the ip pool range:

4.1 SP2 NT working:

    :netobjadtr (
        : (secur
            :color (black)
            :type (machines_range)
            :comments ()
            :ipaddr_first (193.210.193.213)
            :ipaddr_last (193.210.193.215)
            :add_adtr_rule (false)
            :netobj_adtr_method (adtr_static)
            :the_firewalling_obj (
                :type (refobj)
                :refname ("#_All")
            )
            :ip_pool_securemote (false)
        )
    )

4.1 SP3 linux not working:

    :netobjadtr (
        : (Pool-Nat-for-securemote
            :color (black)
            :type (machines_range)
            :comments ()
            :ipaddr_first (193.210.193.213)
            :ipaddr_last (193.210.193.215)
        )
    )

As you see, some lines are missing. If I add them, it almost works: now I see the IP address from the pool BUT my connection cannot get through, because it seems that the linux kernel sends icmp redirect when a packet is sent back to the IP address of the pool.

Is this a kernel problem?

Thanks
Siegfried

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
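An added example, not part of the original post and not Check Point code: a small parser for the objects.C syntax as it appears in the two definitions quoted above, used to list the attributes the Linux object lacks compared with the NT one. The grammar is inferred from those two snippets only, and `parse_group`, `load` and `missing_attrs` are hypothetical names.

```python
import re

# objects.C tokens: parentheses, quoted strings, and bare words such as ':color'
TOKEN = re.compile(r'\(|\)|"[^"]*"|[^\s()]+')

def parse_group(toks, i=0):
    """Parse items up to the matching ')'; return (value, index after it)."""
    atoms, attrs = [], {}
    while i < len(toks) and toks[i] != ")":
        t = toks[i]
        if t == "(":
            raise ValueError("group without a ':key' in front of it")
        if t.startswith(":"):
            if toks[i + 1:i + 2] != ["("]:
                raise ValueError(f"expected '(' after {t!r}")
            val, i = parse_group(toks, i + 2)
            # A bare ':' is an unnamed entry; key it by its leading word.
            key = t[1:] or (val.pop("_name", "") if isinstance(val, dict) else val)
            attrs[key] = val
        else:
            atoms.append(t.strip('"'))
            i += 1
    if i >= len(toks):
        raise ValueError("unbalanced parentheses")
    if not attrs:
        return " ".join(atoms), i + 1
    if atoms:
        attrs["_name"] = atoms[0]
    return attrs, i + 1

def load(text):
    toks = TOKEN.findall(text) + [")"]  # virtual ')' closes the top level
    tree, end = parse_group(toks)
    if end != len(toks):
        raise ValueError("unbalanced parentheses")
    return tree

def missing_attrs(reference, candidate):
    """Attributes present in the reference object but absent from the candidate."""
    return {k: v for k, v in reference.items() if k not in candidate}

# The two definitions as quoted in the post (NT working, Linux not working)
NT_DEF = (':netobjadtr ( : (secur :color (black) :type (machines_range) :comments () '
          ':ipaddr_first (193.210.193.213) :ipaddr_last (193.210.193.215) :add_adtr_rule (false) '
          ':netobj_adtr_method (adtr_static) :the_firewalling_obj ( :type (refobj) '
          ':refname ("#_All") ) :ip_pool_securemote (false) ) )')
LINUX_DEF = (':netobjadtr ( : (Pool-Nat-for-securemote :color (black) '
             ':type (machines_range) :comments () '
             ':ipaddr_first (193.210.193.213) :ipaddr_last (193.210.193.215) ) )')
```

Calling `missing_attrs(load(NT_DEF)["netobjadtr"]["secur"], load(LINUX_DEF)["netobjadtr"]["Pool-Nat-for-securemote"])` returns the four attributes absent from the Linux definition, in file order.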