
[FW-1] Odd Routing Question



I am running a legacy Checkpoint 4 on Windows NT 4 SP3. I am trying to set
up the following situation:

Computer     Computer1   Computer2   Computer3    FW-1        Computer 4   Router1
Interface 1  172.16.0.2  172.16.0.1  10.10.10.29  10.10.10.3  10.10.10.38  10.10.10.177
Interface 2  NA          Internet    Internet     Internet    NA           NA
Mask         /12         /12         /20          /20         /20          /20
DGateway     172.16.0.1  ISP Router  FW-1         ISP Router  FW-1         FW-1

Computer FW-1 is using NAT to give Computer 3 a valid internet Address.
Computer 2 and Computer 3 are establishing a VPN using Microsoft RRAS.
Computer 1 and 2 are at a remote site.
Computer 3, Computer 4, FW-1, and Router1 are at Corp HQ.
FW1 is the Default Gateway for Corp HQ.
Router1 has a static route to computer3.

Chain of traffic is as follows:

Computer1 ==LAN==> Computer2 ==VPN==> Computer3 ==LAN==> Computer4
                                               (Through FW-1
                                                NAT)

Here is the problem:

Computer 2, Computer 3 and Computer 4 can ping anyone on either network.
Computer 1 can ping computer 2 and Computer 3 at any time.

Computer 1 cannot ping Computer 4 unless one of the following occurs:
        1. Computer 4 pings Computer 1; then 1 can ping 4 for 10 minutes.
        2. Computer 4 points its Default Gateway at Router 1; then 1 can
           ping 4 anytime.
        3. Computer 4 points its Default Gateway at Computer 3; then 1 can
           ping 4 anytime.
        4. Computer 4 adds an active route to its local routing table; then
           1 can ping 4 until 4 reboots.
        5. Computer 4 adds a persistent route to its local routing table;
           then 1 can ping 4 anytime.

Even though 4 can ping 1 using FW-1 as its default gateway, 1 cannot ping 4
until a static local route is specified, or a different default gateway is
chosen. OR 4 can ping 1 using FW-1 as its default gateway, but cannot
return the ping from 1 using the same configuration. I have a lot of
Computer4s and would rather not reconfigure their default gateways or add
static routes to all of them. Is there some way to get a FW-1 computer to
route the ping reply across the VPN, or is it the nature of the beast not to
route the ping replies, and why?

