Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] NAT Question

To: "'Kondisetty, Sudhir'" <[email protected]>, "'[email protected]'" <[email protected]>
Subject: RE: [FW1] NAT Question
From: MICHAEL J LAWRENCE <[email protected]>
Date: Tue, 15 May 2001 19:44:03 -0400
Organization: FOX TECHNOLOGY
Reply-to: "[email protected]" <[email protected]>
Sender: [email protected]

There are a couple of ways to approach this.  I prefer, however, not to run 
traffic in and out of a routing device or firewall unnecessarily.  That is, 
I don't like to bounce traffic off the firewall and back into the internal 
network when the destination host is simply a piece of wire away.

Since they're using Exchange, they're probably running NT internally.  If 
possible, set up hosts files to indicate the actual private address.  (NT 
experts: can you do this in a DHCP scope?)

Otherwise, use manual translation to tell the firewall to translate traffic 
from the internal network to the exchange server to the exchange server's 
private address.  Kind of clumsy, but it works.

source: internal_net
destination:Exchange_Public_Address

xlate source: internal net
xlate destination: Exchange_Private_Address.

Michael J Lawrence CISSP CCSI

-----Original Message-----
From:	Kondisetty, Sudhir [SMTP:[email protected]]
Sent:	Tuesday, May 15, 2001 9:18 AM
To:	'[email protected]'
Subject:	[FW1] NAT Question


Hello all,

I'm helping a company upgrade their CheckPoint firewall.  They have an
Exchange server on their internal network running Outlook Web Access (OWA).
Though they have plans to move it to their DMZ, for now they have to keep 
it
on their internal network.  The firewall is performing address translation
on the server.  The outside world and dmz access it fine.  However, the
internal hosts are having trouble accessing it.  The DNS server the client
is using is returning the valid (translated) address, not the actual
(internal)address.  If I traceroute the translated address, the path looks
correct - client>router>firewall>router>server.  However, they are not able
to access the server via http.  If I have them type in the actual address 
in
the URL, they have no problem.
Any ideas?
Thanks!
Sudhir


========================================================================  
========
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
========================================================================  
========



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Port 10008?
Next by Date: [FW1] What ports do I need for Secure Remote.
Previous by thread: RE: [FW1] NAT Question
Next by thread: RE: [FW1] NAT Question
Index(es):
- Date
- Thread