RE: [FW1] routing problem
The client in site A that you are trying to ping from site B may need a route back to the site B network. It is not enough to have the routes defined in the router.

David Hoobler

-----Original Message-----
From: Idan Dolev [mailto:[email protected]]
Sent: Sunday, May 20, 2001 9:07 AM
To: Firewall (E-mail); Firewall_Mailing_List (E-mail)
Subject: [FW1] routing problem

Guys,

I have firewall 4.1 SP3 on NT 4.0 SP6. The site config is as follows:

               internet
                  |
                  |
                  |
               firewall
                  |
                  |
    SITE A --------------
             |          |
           client    router A----------------------------router B
                                                            |
                                                            |
                                      SITE B ---------------------------
                                                      |
                                                    client

In words: 2 LANs are connected using Cisco routers. Site A is 192.168.0.0/24 and site B is 192.168.1.0/24. The firewall has a rule base which allows everything from site A to site B. Site B is able to surf the internet going through the firewall.

Router B's default gw is router A. Router A's default gw is the firewall, plus a route indicating that if you want to reach 192.168.1.0 you should go through router B. On the firewall there is a static route indicating that if you want to reach 192.168.1.0 you should go through router A.

If I ping site B from site A, everything works like a charm. If I try to ping from site B to A, I do not get any answer. If I manually insert on one of the stations in site A a route indicating that if you want to reach 192.168.1.0 you should go through router A, and then ping from B to A, it works......

So, to conclude: a ping is sent from site B to A and reaches its destination (since it is its only route to the world). The machine from site A asks the default gw (which is the fw) where to go; the firewall either does not give the correct ICMP REPLY or the station does not know how to handle the ICMP REPLY. Now, I checked this config with various clients, since I know win9x does not know how to handle ICMP redirect, so assume I am using win2K as clients.

I then disabled in my firewall, using a registry key, the entry for ICMP redirect, which means that it would not send it any more, and still it does not work. So the routing is good, since SITE B goes to the internet through the firewall, so where is the problem?

Idan

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
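An added illustration, not part of the thread: tracing both legs of a ping through the routing tables described in the original message shows that, without the host route suggested in the reply, the echo request from site B never crosses the firewall while the echo reply from the site A client does. Node names and host addresses are constructed for the example; only the two /24 networks and the routes come from the post.

```python
import ipaddress

# Constructed host addresses (assumption): the post gives only the two /24s.
ADDR = {"clientA": "192.168.0.10", "firewall": "192.168.0.1",
        "routerA": "192.168.0.254", "routerB": "192.168.1.254",
        "clientB": "192.168.1.10"}
# Nodes attached to each LAN; on-link destinations need no next hop.
ATTACHED = {"192.168.0.0/24": {"clientA", "firewall", "routerA"},
            "192.168.1.0/24": {"routerB", "clientB"}}
# Routing tables as described in the post: (prefix, next hop).
ROUTES = {
    "clientA":  [("0.0.0.0/0", "firewall")],
    "clientB":  [("0.0.0.0/0", "routerB")],
    "routerB":  [("0.0.0.0/0", "routerA")],
    "routerA":  [("0.0.0.0/0", "firewall"), ("192.168.1.0/24", "routerB")],
    "firewall": [("192.168.1.0/24", "routerA")],
}
# Same tables plus the manual host route on the site A station.
FIXED = dict(ROUTES, clientA=ROUTES["clientA"] + [("192.168.1.0/24", "routerA")])

def next_hop(node, dst, routes):
    """On-link delivery first, then longest-prefix match over static routes."""
    ip = ipaddress.ip_address(ADDR[dst])
    for net, members in ATTACHED.items():
        if node in members and ip in ipaddress.ip_network(net):
            return dst
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes.get(node, [])
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(src, dst, routes=ROUTES):
    """Hop-by-hop path from src to dst, or a path ending in 'unreachable'."""
    path = [src]
    while path[-1] != dst:
        hop = next_hop(path[-1], dst, routes)
        if hop is None or hop in path:  # no route, or a routing loop
            return path + ["unreachable"]
        path.append(hop)
    return path

def firewall_view(src, dst, routes=ROUTES):
    """(request crosses firewall, reply crosses firewall) for a ping src -> dst."""
    return ("firewall" in trace(src, dst, routes),
            "firewall" in trace(dst, src, routes))

if __name__ == "__main__":
    for name, table in (("as posted", ROUTES), ("with host route", FIXED)):
        print(name, "request:", " -> ".join(trace("clientB", "clientA", table)))
        print(name, "reply:  ", " -> ".join(trace("clientA", "clientB", table)))
        print(name, "firewall sees (request, reply):",
              firewall_view("clientB", "clientA", table))
```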