[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Proxy ARP is breaking my NAT connection.

To: [email protected]
Subject: Re: [FW-1] Proxy ARP is breaking my NAT connection.
From: Bill <[email protected]>
Date: Thu, 26 Sep 2002 13:48:40 -0400
References: <CDD1A4B603AED5118D3E0008C7CF89380111CB34@navexc05-bu.min.navisite-int.com>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I think you are wrong about using the vrrp mac.  I have used 3.4.1 fcs 11
and versions of 3.5.  Both allowed you to specify a vrrp mac.  In the newer
versions you have drop down menus to choose user-defined, interface, etc.

----- Original Message -----
From: "Kelley, William" <[email protected]>
To: <[email protected]>
Sent: Thursday, September 26, 2002 12:42 PM
Subject: [FW-1] Proxy ARP is breaking my NAT connection.


> I Have an issue I'm curious about.
> > I've set up NAT on a VRRP pair of Nokia 440's. I had to set up a proxy
ARP
> > on each to allow for the NAT to work properly. I'm running
> > IPSO 3.4.1 fcs12, which does not allow you to use the VRRP MAC address
> > when resolving to your NAT for the proxy ARP, it only allows you to use
> > the physical MAC for the external interface. Problem I have, is when the
> > firewalls failover the NAT breaks. Now the upstream router of course
never
> > learns the MAC address for the newly promoted firewall and will not for
2
> > hours when my ARP cache times out. Is there a way to get around this? Am
I
> > approaching this incorrectly?? Any advise would be  helpful..
> >
> > thanks,
> > Bill
> > [email protected]
> >
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] Proxy ARP is breaking my NAT connection.
  - From: "Kelley, William" <[email protected]>

Prev by Date: [FW-1] Sonicwall VPN to Checkpoint NG
Next by Date: Re: [FW-1] Problem with arp -s in NG firewall on Windows 2000 server
Prev by thread: [FW-1] Proxy ARP is breaking my NAT connection.
Next by thread: Re: [FW-1] Proxy ARP is breaking my NAT connection.
Index(es):
- Date
- Thread