[FW-1] Routing problem between nets behind firewall through router
Hi,

I have the following setup:

    ------ 172.23.1.1/16(inside)
    | FW |---------------------------
    ------        |                 |
                  |                 |
              --------     --------------------
              |Router|     |PC1-172.23.10.127 |
              --------     --------------------
                  |10.20.30.1
                  |
                  |
                  |
          -----------------
          |PC2-10.20.30.2 |
          -----------------

The router and PC1 have a default route to the FW on 172.23.1.1.
PC2 has a default route to the router 10.20.30.1.
The FW has a route for the 10.20.30.0/24 net pointing to the router.

I can ping from PC1 to PC2, but not the other way from PC2 to PC1.

The reason for this, I believe, is that when a packet goes from PC2, it goes the following way:

    PC2->Router->PC1 (this is a hop count (TTL) of 2)

but the return packet goes:

    PC1->FW->Router->PC2 (TTL = 3)

So the return packet will have a TTL=2 and will therefore be dropped on the router when it has gone through 2 hops on the way back.

It works the other way, because the first packet will go 3 hops, and the return packets only have to go over 2 hops, so it will not be dropped.

There are some cumbersome solutions to this, like setting up host routes on the router, or setting up a special route on PC1 for the 10.20.30.0 net, but these solutions are not very good.

Does anyone have any smart solution to this? Can PC1 (W2K) participate in RIP or some other dynamic routing protocol to solve this, and if so, how?

Thanks

Arnor Arnason, CCNA, CCSA/CCSE
[email protected]
EJS, Iceland
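Added example, not part of the original message: a small longest-prefix-match tracer over the routing tables the message describes. It reproduces the two paths and shows that the firewall sits on only one of them. The router's inside address (172.23.1.2) and PC1's /16 mask are assumptions; the node names and helper functions are illustrative.

```python
import ipaddress

# Router's inside address is an assumed value; the message does not give it.
ROUTER_INSIDE = "172.23.1.2"
# Routing tables as the message describes them (constructed; PC1 /16 assumed).
# A gateway of None means the network is directly connected.
NODES = {
    "PC1": {"addrs": ["172.23.10.127"],
            "routes": [("172.23.0.0/16", None), ("0.0.0.0/0", "172.23.1.1")]},
    "PC2": {"addrs": ["10.20.30.2"],
            "routes": [("10.20.30.0/24", None), ("0.0.0.0/0", "10.20.30.1")]},
    "Router": {"addrs": [ROUTER_INSIDE, "10.20.30.1"],
               "routes": [("172.23.0.0/16", None), ("10.20.30.0/24", None),
                          ("0.0.0.0/0", "172.23.1.1")]},
    "FW": {"addrs": ["172.23.1.1"],
           "routes": [("172.23.0.0/16", None), ("10.20.30.0/24", ROUTER_INSIDE)]},
}

def owner(addr):
    """Name of the node that holds this address."""
    return next(name for name, n in NODES.items() if addr in n["addrs"])

def next_hop(node, dst):
    """Pick the most specific matching route and return the next node."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in NODES[node]["routes"]:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise LookupError(f"{node}: no route to {dst}")
    return owner(dst if best[1] is None else best[1])

def trace(src, dst_addr, max_hops=8):
    """List of nodes a packet from src visits on its way to dst_addr."""
    path = [src]
    while dst_addr not in NODES[path[-1]]["addrs"]:
        if len(path) > max_hops:
            raise RuntimeError("routing loop")
        path.append(next_hop(path[-1], dst_addr))
    return path

def symmetric_at_firewall(a, a_addr, b, b_addr):
    """True when the FW is on both directions of the flow, or on neither."""
    return ("FW" in trace(a, b_addr)) == ("FW" in trace(b, a_addr))

if __name__ == "__main__":
    print(" -> ".join(trace("PC2", "172.23.10.127")))  # request path
    print(" -> ".join(trace("PC1", "10.20.30.2")))     # reply path
```

Appending ("10.20.30.0/24", ROUTER_INSIDE) to PC1's routes, the "special route on PC1" mentioned in the message, makes both directions take the same path.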