----- Original Message -----
Sent: Monday, July 09, 2001 10:56
AM
Subject: Radius + Ras +Firewall
Dear all,
we are
experiencieng a very strange problem.
We have a radius server connected
to a max6000 wan router,all users coming
from dial-up network receives an
ip adress from the pool configured in the
max6000 Ascend.
then in the
CP firewall we have a rule :for this pool do NAT
I can connect and even
get authenticated by the server.
in my client box (windows) i run
winipcfg and for the ppp connection i see
the ip adress of the pool and
not the valid one as a result cannot browse the
internet.
any help?
Server Radius :solaris 2.6 on E250
Firewall
:solaris 2.6 check point fw-1 4.1 on ultra 10
Ras server Max6000
Ascend
the route table on the router:
** Ascend Pipeline Terminal Server **
ascend% iproute show
Destination
Gateway
IF Flg Pref
Met Use
Age
0.0.0.0/0
172.16.1.1 ie0
SGP 60 1 16292
320693
127.0.0.0/8
-
bh0 CP
0 0 0
320693
127.0.0.1/32
-
local CP 0
0 0
320693
127.0.0.2/32
-
rj0 CP
0 0 0
320693
172.16.1.0/24
-
ie0
C 0 0
21336 320693
172.16.1.0/24
-
ie0 *S 100
1 0
127398
172.16.1.2/32
-
local CP 0
0 20765 320693
172.16.2.18/32
172.16.2.18 wan19
rT 60 1
174
78
224.0.0.0/4
-
mcast CP 0
0 0
320693
224.0.0.1/32
-
local CP 0
0 0
320693
224.0.0.2/32
-
local CP 0
0 45
320693
224.0.0.5/32
-
local CP 0
0 0
320693
224.0.0.6/32
-
local CP 0
0 0
320693
224.0.0.9/32
-
local CP 0
0 0 320693
255.255.255.255/32
-
ie0 CP
0 0 12 320693
ascend%
the net that connects the router and firewall
is 172.16.1.0 mask 24
router adress 172.16.1.2 ===firewall adress 172.16.1.1 and he is
the default gateway in the router.
from the table:172.16.1.0/24
-
ie0
C 0 0
21336 320693
appears to be the right route to the net of the
firewall.
0.0.0.0/0
172.16.1.1 ie0
SGP 60 1 16292
gateway seted
172.16.2.18/32
172.16.2.18 wan19
rT 60 1
174 78
wan interface created in the ppp
connection
Thankx in advance
Fabio