Re: [FW1] routing problem




Idan

    Site B is able to browse the Internet since its default gateway is
Site A and Site A's default gw is the firewall. What site B does not know
is that there is a network 192.168.0.0. If you have a static route
indicating this like:

route add -net 192.168.0.0 netmask 255.255.255.0 gw site A

you should be able to ping site A hosts from Site B

Regards,
Naresh



Idan Dolev wrote:

> Guys,
>
> I have firewall 4.1 SP3 on NT 4.0 SP6.
>
> the site config is as follow:
>
> internet
>    |
>    |
>    |
> firewall
>    |
>    |    SITE A
> --------------
>     |   |
> client   router A----------------------------router B
>                                    |
>                                    |    SITE B
>                         ---------------------------
>                                 |
>                                 client
>
> In words... 2 LANs are connected using Cisco routers. site is
> 192.168.0.0/24 and site b is 192.168.1.0/24
> the firewall has a rule base which allows everything from site A to site B.
> Site B is able to surf the Internet going through the firewall.
> Router B default gw is router A, router A default gw is the firewall plus a
> route indicating that if you want to reach 192.168.1.0 you should go through
> router B.
> On the firewall there is a static route indicating that if you want to reach
> 192.168.1.0 you should go through router A.
> If I ping site B from site A everything works like a charm.
> If I try to ping from site B to A, I do not get any answer.
> If I manually insert on one of the stations in site A a route indicating
> that if you want to reach 192.168.1.0 you should go through router A, and then
> ping from B to A, it works......
> So to conclude.
>
> A ping is sent from site B to A, reaches its destination (since it is its
> only route to the world), the machine from site A asks the default gw
> (which is the fw) where to go, the firewall either
>
> does not give the correct ICMP REPLY
>
> the station does not know how to handle the ICMP REPLY.
>
> now I checked this config with various clients since I know win9x does not
> know how to handle ICMP redirect so assume I am using win2K as clients.
>
> I then disabled in my firewall using a registry key the entry for ICMP
> redirect which means that he would not send it any more, and still it does
> not work.
>
> so the routing is good since SITE B goes to the Internet through the firewall, so
> where is the problem?
>
> Idan
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
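
The packet paths described in this thread, traced hop by hop as an added example (not code from either poster). Node names and the two host addresses are constructed; only the two /24 networks, the default gateways and the static routes come from the messages above.

```python
import ipaddress

# Constructed host addresses; the thread gives only the two /24 networks.
HOST_A, HOST_B = "192.168.0.10", "192.168.1.10"
OWNER = {HOST_A: "hostA", HOST_B: "hostB"}

# Routes as described in the thread: (prefix, next hop); None = on-link.
TABLES = {
    "hostB":    [("192.168.1.0/24", None), ("0.0.0.0/0", "routerB")],
    "routerB":  [("192.168.1.0/24", None), ("0.0.0.0/0", "routerA")],
    "routerA":  [("192.168.0.0/24", None), ("192.168.1.0/24", "routerB"),
                 ("0.0.0.0/0", "firewall")],
    "firewall": [("192.168.0.0/24", None), ("192.168.1.0/24", "routerA"),
                 ("0.0.0.0/0", "internet")],
    "hostA":    [("192.168.0.0/24", None), ("0.0.0.0/0", "firewall")],
}

def next_hop(node, dst, tables):
    """Longest-prefix match in node's table; None means deliver on-link."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in tables[node]]
    matches = [(n, hop) for n, hop in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(src, dst, tables, max_hops=16):
    """Return the list of nodes a packet from src to dst passes through."""
    path, node = [src], src
    for _ in range(max_hops):
        hop = next_hop(node, dst, tables)
        if hop is None:                 # destination is on this node's LAN
            return path + [OWNER[dst]]
        path.append(hop)
        if hop not in tables:           # left the modelled network
            return path
        node = hop
    raise RuntimeError("routing loop")

def with_host_route(tables):
    """Copy of tables with the manual route Idan added on a site A station."""
    fixed = dict(tables)
    fixed["hostA"] = tables["hostA"] + [("192.168.1.0/24", "routerA")]
    return fixed

if __name__ == "__main__":
    print("request:", trace("hostB", HOST_A, TABLES))
    print("reply:  ", trace("hostA", HOST_B, TABLES))
    print("reply with host route:", trace("hostA", HOST_B, with_host_route(TABLES)))
```

In the first two traces the firewall appears only on the reply path; with the manual host route it is on neither path.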





 
   All contents © 2004 Network Presence, LLC. All rights reserved.