[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] NAT on FW NG FP2
Hallo *, I have a FW NG FP2 (W2k) and need to translate a couple of internal (invalid) IP addresses for special connections. I configured the relevant objects with static NAT and let the global NAT properties as default (all automatic). If a internal mashine tries to connect the external machine the log says: service : ssh source : internal machine destination : external machine action : accept info : (none) service : (none) source : valid IP for internal machine destination : router (gateway for FW on LAN site) action : drop info : icmp-type 3 icmp-code 0 message_info address spoofing service : (none) source : FW destination : invalid IP for internal machine action : drop info : icmp-type 5 icmp-code 1 message_info packet out of state The connection can not be established. In the FW properties anti-spoofing is enabled, for the internal interface I used a group with both networks in it (LAN & translated network). The FireWall-1 Guide say's if the global parameters set to 'all automatic' no more configurations are necessary. What do I wrong? Thanks for help! Katrin Mit freundlichen Grüßen K. Gierke _________________________________________________________________________ MVD GmbH Potsdam | Netzwerkadministratorin Abt. EDV | Telefon: +49 331 2840-944 Friedrich-Engels-Str. 24 | FAX: +49 331 2840-905 14473 Potsdam | eMail: [email protected] ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|