[FW1] NAT problems from internal hosts
Hi,

We are using static NAT for our internal network, consisting of web servers in different VLANs implemented on an internal router. External customers can connect to internal web servers, but some of our web servers' external IPs aren't browsable from other internal subnetworks. Most of our internal web servers can respond to internal clients using their external IPs. However, the difference for those web servers that don't respond to HTTP requests is that if you ping them internally they respond from the internal IP and not the external IP (no translation for reply packets).

We think that it is probably an issue with dual translation, as when we connect internally both source and destination IP have to be translated. Ping works as there isn't any state table for it, but for HTTP requests somehow the reply packets from the web server don't match the connection in the state table and get rejected, as the web server source IP isn't translated.

We don't know why it is happening, as all web server objects are created similarly with correct ARP and routing entries on the firewall. Plus, it is only happening for internal clients and not for external clients. For most web servers dual translation is happening without any problems.

Any help will be greatly appreciated.

Regards,
saans
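A generic model of the dual-translation symptom described in the message, added here as an illustration; it is not code from the poster and does not reproduce FireWall-1 internals. All addresses, the `Firewall` class and the assumption that an untranslated reply is routed straight back by the internal router are constructed for the example.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

# Constructed addresses (RFC 1918 / RFC 5737), not taken from the post.
CLIENT = "10.1.1.5"          # internal client in one VLAN
SERVER_INT = "10.2.2.10"     # web server's real address in another VLAN
SERVER_EXT = "203.0.113.10"  # the server's static-NAT external address
FW_INT = "10.0.0.1"          # firewall's internal interface
STATIC_NAT = {SERVER_EXT: SERVER_INT}

class Firewall:
    """Hypothetical stateful NAT device: destination NAT, optional source NAT."""
    def __init__(self, translate_source):
        self.translate_source = translate_source
        self.state = {}  # expected reply tuple -> reply as rewritten for the client

    def forward(self, pkt):
        """Client-to-server direction: translate and record the expected reply."""
        out = pkt._replace(dst=STATIC_NAT[pkt.dst])
        if self.translate_source:
            out = out._replace(src=FW_INT)
        expected_reply = Pkt(out.dst, out.dport, out.src, out.sport)
        self.state[expected_reply] = Pkt(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return out

    def reply(self, pkt):
        return self.state.get(pkt)  # None means no matching connection

def client_sees(fw):
    """Return (reply as delivered to the client, whether the client accepts it)."""
    syn = Pkt(CLIENT, 40000, SERVER_EXT, 80)
    at_server = fw.forward(syn)
    raw_reply = Pkt(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    # Assumption: a reply addressed to the firewall returns through it, while a
    # reply addressed to the client is routed directly by the internal router.
    if raw_reply.dst == FW_INT:
        delivered = fw.reply(raw_reply)
    else:
        delivered = raw_reply
    # The client only accepts a reply sourced from the address it connected to.
    accepted = delivered is not None and delivered.src == syn.dst
    return delivered, accepted
```

With both translations the reply comes back as `203.0.113.10 -> 10.1.1.5` and is accepted; with only the destination translated it arrives from `10.2.2.10`, matching the untranslated replies described in the message.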