RE: [FW1] Routing in NT with 3 nic's
Bob,

I have the same scenario, but solved in a different way with Checkpoint VPN1 and Cisco:

1) Put the second net as an alias in the first external card.

2) Configure manually the FW1 object's interfaces, adding a new interface with any name and with its aliased IP.

3) Add 2 NAT rules at the bottom.

One rule will have:

    INTRANET   EXTERNAL_ACCESS_1   ANY   EXTERNAL_ACCESS_1_NAT   original   original

The last rule will have:

    INTRANET   ANY   ANY   EXTERNAL_ACCESS_2_NAT   original   original

Put into EXTERNAL_ACCESS_1 all destination networks that should be accessed thru it.
Create EXTERNAL_ACCESS_1 as an external workstation object with the IP of the external card.
Create EXTERNAL_ACCESS_2 as an external workstation object with the IP of the external card's alias on the other network.

4) Move both networks to a single Cisco router and do the following:

4.1) Create two access lists

    access-list 1 permit <NET 1> <REVERSE NET 1 NETMASK>
    access-list 2 permit <NET 2> <REVERSE NET 2 NETMASK>

4.2) Create two route-map statements

    route-map CHECK_SOURCE permit 10
     match ip address 1
     set ip next-hop <WAN or LAN IP 1>
    !
    route-map CHECK_SOURCE permit 20
     match ip address 2
     set ip next-hop <WAN or LAN IP 2>
    !

4.3) Insert the following into your FastEthernet or Ethernet port

    interface Ethernet0
     ip address <NET 2's IP ADDRESS> <NET 2's NETMASK> secondary
     ip address <NET 1's IP ADDRESS> <NET 1's NETMASK>
     ip policy route-map CHECK_SOURCE
    !

Hope it helps, since you didn't specify why you have two external interfaces.

Oh... don't forget to populate the Cisco IP routing table with the static routes of the NAT objects for both networks.
[]'S
------------------------------------
Antonio Costa
Odebrecht Engenharia e Construcao
TI Infra-Estrutura de Rede
[email protected]
Tel.: +55-21-2559-3015
Fax.: +55-21-2559-3164

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Bob Billington
Sent: Sunday, August 12, 2001 4:22 AM
To: [email protected]
Subject: [FW1] Routing in NT with 3 nic's

Folks,

I have an NT 4 (sp 6a) host with three nics. The first has an external IP address (206.43.x.x) and directly connects to our router. The second nic has a 192.168.1.x address with static NAT - this is working!!

My problem is - the third nic. This nic has an external IP address (206.67.x.x) and I can not seem to connect to it from the Internet side of the firewall.

When I check the routing table, there is an entry for the 206.67.x.x network and has its gateway as the address I have assigned at the firewall. The address of the nic itself has a gateway of 127.0.0.1.

I have tried to add a route that points the 206.67.x.x network to the external interface of the firewall, however this was unsuccessful. I have an any any any accept rulebase, and when I ping, I do not get any joy.

Is this a routing issue? Should I be considering proxy ARPs?

Your help would be much appreciated...
thanks

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
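The source-based next-hop selection from steps 4.1 and 4.2 of the reply, modelled in Python as an added example (not part of either message and not Cisco code). The networks and next hops are constructed values from the RFC 5737 documentation ranges, and the function names are hypothetical; it also shows what a standard ACL matches if the plain netmask is entered where the reverse netmask belongs.

```python
import ipaddress

def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def wildcard(netmask: str) -> str:
    """Reverse netmask (IOS wildcard): every bit of the netmask inverted."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))

def acl_permits(src: str, net: str, wc: str) -> bool:
    """Standard ACL entry: bits set in the wildcard are ignored,
    all other bits of the source must equal the entry's address."""
    care = ~to_int(wc) & 0xFFFFFFFF
    return (to_int(src) & care) == (to_int(net) & care)

# Constructed sample values (stand-ins for <NET 1>, <NET 2> and the next hops).
ACLS = {
    1: [("192.0.2.0", wildcard("255.255.255.0"))],      # access-list 1
    2: [("198.51.100.0", wildcard("255.255.255.0"))],   # access-list 2
}
# (sequence, ACL number, next hop), as in route-map CHECK_SOURCE permit 10 / 20
ROUTE_MAP = [(10, 1, "203.0.113.1"), (20, 2, "203.0.113.129")]

def policy_next_hop(src: str):
    """Walk the route-map clauses in sequence order; first match wins.
    None means no clause matched, so the packet is forwarded by the
    ordinary destination-based routing table instead."""
    for _seq, acl, next_hop in sorted(ROUTE_MAP):
        if any(acl_permits(src, net, wc) for net, wc in ACLS[acl]):
            return next_hop
    return None

if __name__ == "__main__":
    for s in ("192.0.2.10", "198.51.100.77", "10.1.1.5"):
        print(s, "->", policy_next_hop(s))
    # Netmask entered instead of the reverse netmask: only the last octet
    # is compared, so an unrelated x.x.x.0 source matches and the intended
    # hosts in NET 1 do not.
    print(acl_permits("10.1.1.0", "192.0.2.0", "255.255.255.0"))
    print(acl_permits("192.0.2.10", "192.0.2.0", "255.255.255.0"))
```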