[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] NG Proxy on Nokia
I?ve got a problem setting up Non-transparent User Authentication (proxy) on a Nokia IP440 with IPSO 3.4.2 and CP FW1 NG FP1. I?ve set prompt_for_destination to true and loaded the database on the firewall. I telnet to the inside interface of the firewall, and then I am prompted for my firewall username and password. After the firewall approves, I am prompted for destination. I enter the IP address of my outside ISP router and then get a connection refused. I've also tried with an enrty in the host file. The router interface is not in DNS. I can telnet from the console of the firewall to the router. The fw logs show that my telnet session is approved. The same happens for ftp out to a remote server(ftp.cisco.com). From inside, I get a server closed connection, but it works from the console. I have private IP addresses inside the firewall and do not have NAT enabled. I have a split DNS installation where the Nokia's DNS server is only for outside entries. When I run a sniffer on the outside network, I see the firewall perform a DNS lookup for the name, and then it does a reverse lookup for the IP address of the remote server. I also see dns lookups for localhost, and the hostname of my firewall (hqflab02). These names are in the hosts file and hosts.equiv is set to host then bind. The reverse lookups and the lookups of the firewall do fail. I do not see any other traffic from the firewall after the DNS lookups fail. ===== -- Derek C. Jones - RCDD/LAN, CCDP, CCNA, MCSE, CNE Scouter - BSA Troop 994 Woodstock, GA http://www.geocities.com/dcjones21/ [email protected] __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|