[FW-1] putkey breaks a previous putkey with NAT involved
Hi there everyone,

Below is the situation:

Management Server = Windows 2000 Server, Check Point 4.1 SP5
Lic = CPVP-VEE-U-3DES-MGMT-V41
IP = 10.10.0.200
NATted = 192.168.1.52

Module A = Nokia IP440, IPSO 3.4.1, Check Point 4.1 SP5
Lic = CPVP-VEE-U-3DES-MODULE-V41
Ext IP = 192.168.2.50
Int IP = 10.10.0.211
Proxy ARP on external interface for 192.168.1.52
Static Route from 192.168.1.52 to 10.10.0.200

Module B = Nokia IP71, Check Point 4.1
Lic = CPVP-VSO-50-DES-V41
Ext IP = 192.168.1.150
Int IP = 10.0.11.211

The instructions that came from the CP Knowledge Base: "How to run fw putkey when Static NAT is used for the Management Station"

The info below has been changed to suit my configuration; the 192.168.*.* range has been changed from their valid ranges.

Stage 1 - Management Server and Module A

1. Both Machines - fwstop
2. Mgnt - fw putkey -n 10.10.0.200 10.10.0.211
3. Mod A - fw putkey -n 10.10.0.211 10.10.0.200
4. Mgnt - fwstart
5. Mod A - fwstart
6. Define Object Mod A in Policy Editor
7. Define Object Mod B in Policy Editor
8. Mgnt has been defined with IP Address 10.10.0.200 and a Static NAT address of 192.168.1.52
9. Define rule: source = mgnt, dest = modA / modB, serv=FW1, Action = Accept
10. Install policy
11. Ping IP 192.168.1.52 and make sure static NAT works

Stage 2 - Management Server and Module B

1. Both Machines - fwstop
2. Mgnt - fw putkey -n 10.10.0.200 192.168.1.150
3. Mgnt - fw putkey -n 192.168.1.52 192.168.1.150
4. Mod B - fw putkey -n 192.168.1.150 192.168.1.52
5. Mod B - fw putkey -n 192.168.1.150 10.10.0.200
6. Mgnt - fwstart
7. Mod B - fwstart
8. Install policy

The Problem:

Stage 1 works like a charm, policy installs and everything, have rules which allow the management server to manage all the firewalls. Can connect to services outside the firewall module, can even connect to module B.

But... when going onto stage 2 and I run steps 2-3 and after restarting the modules I lose the secure connection to module A.

I just can't seem to get module B to establish a secure connection. I need to be able to manage around 8 firewalls externally and 2 firewalls internally.

Any help will be greatly appreciated.