[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Router/Firewall Issues
Well, if I read this correctly, then you would have at least two options: 1. make the FW the default gateway for net B, and when the internet link goes down, change it's routing to forward usesr to router B-1. 2. Use router B-1 as the default GW on net B. In case the internet-link goes down, change it's routing (default route) to point to router A-1. And that's (#2) exactly what Yves suggested in his posting, I think. I don't know much about routing protocols, but maybe this can be done automatically in the router, if it senses that it cannot pass traffic down the usual line? I have always been told that #1 is a bad idea (having FW as default GW), though I have not heard a reason yet. Cheers, Anders :) > -----Original Message----- > From: Fab Siciliano [mailto:[email protected]] > Sent: 23. november 2001 01:48 > To: [email protected] > Subject: Re: [FW-1] Router/Firewall Issues > > > This diagram I made can probably explain it a little better. Thanks > guys. > > http://www.brothersfromanother.com/security/my_net.gif > > -Fab > > > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[email protected]] On > Behalf Of Yves > Belle-Isle > Sent: Thursday, November 22, 2001 9:49 AM > To: [email protected] > Subject: Re: [FW-1] Router/Firewall Issues > > > So we have: > > Internet --- FW-1 --- Intranet_A --- Router_A --- Router_B --- > Intranet_B > > So as Intranet_B can access Intranet_A it's mean than Router_A route > Intranet_B IP addresses to Router_B. > > I assume all of your Intranet_B hosts use Router_B as there default > gateway > > At your site the only thing needed is a default route on Router_B > pointing to Router_A > > At the other site Router_A need a default route pointing to FW-1 > > If Intranet_B IP address are not public they need to be NATed on FW-1 > > With that in place it should work's fine and maybe all you need is to > add the default route on Router_B to Router_A which seems the > only thing > you can try yourself... > > > At 20:23 2001-11-21 -0500, Fab Siciliano wrote: > >Hi all. > > > >I have a first time scenario that I'm hoping someone could shed some > >light onto. > > > >I have a site with NO internet access. > >A router connects this site to another site far away through a > >dedicated link. (T1/Frame-Relay) The OTHER site has FW1, allowing all > >of its users access to the internet, AND a router leading to > my end of > >the Dedicated T1. > > > >I can talk to the other side just fine, using the routers, and adding > >static routes, and default gateways. But, I can't get Internet access > >from my site THROUGH their site. Do you know how I can do this? > > > >Thank you, > > > >-Fab > > > >=============================================== > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >=============================================== > > > > ------------------------------------------------------------ > Yves Belle-Isle V.P. VE2YBI YB17 Email: [email protected] > Responsable des Systemes Tel:> Sogi Informatique Ltee. Fax:> ------------------------------------------------------------ > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|