Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Ping question

To: [email protected]
Subject: Re: [FW-1] Ping question
From: "David E. Hoobler, Jr." <[email protected]>
Date: Thu, 11 Oct 2001 23:00:26 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I have a similar configuration.  I use the static routes, like you have
created, as a permamnent solution.  You could make the 2500 connected to the
172.17.x.x subnet the default route for each macjine in that subnet.  You
could then make the default route for the router the firewall.  That would
avoid the need for static routes in hosts in the 172.17.x.x subnet.  You
will take a perfomance hit when browsing the Internet from that subnet
because packets would have to bounce off the router, but administration
would be simpler.

David Hoobler


> -----Original Message-----
> From: Guibord, David [SMTP:[email protected]]
> Sent: Thursday, October 11, 2001 11:39 AM
> To:   [email protected]
> Subject:      [FW-1] Ping question
>
> Hi all,
>
>               Internet  router
>                     |
>                     |
>        -------- Firewall ------ DMZ
>        |                |
>        |                |
>        |                |
> 172.18.x.x      |----------  172.17.x.x------- 172.30.1.x
>
> All networks have a direct connection to the firewall, except for the
> 172.30.1.x network which is offsite and connected via two cisco 2500
> series routers.  The 172.30.1.x network can ping all firewall interfaces,
> the dmz, and the 172.18.x.x network without a problem.  When it tries to
> ping the 172.17.x.x network the requests time out.  I'm assuming that this
> is happening because the request goes directly to the pc or server in
> question, but the reply has to go back through the firewall which is the
> default gateway for the 172.17.x.x network and the firewall does not like
> to get requests when it doesn't see the reply in the first place and drops
> it.  Users have no problems connecting for files and such, just pinging
> which we use for troubleshooting connectivity.  As a work-around I've
> created a static route on a server in the 172.17.x.x network that will
> respond directly to the 172.30.1.x network for troubleshooting.  Is there
> another way around this via making a change to the firewall?  Oh, we are
> running 4.1sp2 on an nt4 sp6 box.
>
> Thanks for any help,
>
> Dave Guibord
> MCSE, MCP+I, CCNA
> pmh caramanning inc.
>> [email protected]
>
>
>
>

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW-1] ftp data blocking problem
Next by Date: Re: [FW-1] NOKIA IP650 panics continuously...
Previous by thread: Re: [FW-1] Ping question
Next by thread: [FW-1] Domain objects
Index(es):
- Date
- Thread