Re: [FW1] ICMP Transit Error
Are you natting only from inside to outside or from dmz to outside too?

Bye

Thuan Pham <[email protected]>
Sent by: [email protected]
To: [email protected]
cc:
Subject: [FW1] ICMP Transit Error
05/06/2001 02:42

Hello All:

I have an Extranet CheckPoint Firewall-1 that connects to a Cisco AS5300 pointing to external networks. On the CheckPoint Firewall-1 server, there are three interfaces: hme0 (connected to internal networks), hme1 (connected to the DMZ zone), and hme2 (pointing to the AS5300 which connects to external networks). There is no NAT running. Here are the problems that I encounter:

1. When I telnet to the DMZ workstation coming off from the hme1 interface of the Firewall-1 server, I am able to log in. However, my internal address is being NAT to a valid public routable IP address which has been set up on the Internet Firewall-1 that I currently have.

2. When I am in the DMZ workstation and try to ping a host on the other side of the external interface of the Firewall-1, I get the error message:

    ICMP Time exceeded in transit from <DMZ Interface IP Address on the CheckPoint Firewall Server> for icmp from SJ-TAC01 <DMZ Workstation IP Address> to daem01 <External Host IP Address>

I have tried to change a few things but I have not been able to fix the problems. I would appreciate any comments that will be provided.

Thanks,
Thuan Pham

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================