[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] internal network/NAT (eventually VPN)

To: [email protected]
Subject: Re: [FW-1] internal network/NAT (eventually VPN)
From: Peter Papadopoulos <[email protected]>
Date: Wed, 30 Oct 2002 13:32:01 -0600
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Vic,

arp your router on an External ip on the firewall (dont forget to route to
it)
accept with a rule the traffic you are interested for.

Pete


-----Original Message-----
From: Vic G [mailto:[email protected]]
Sent: Wednesday, October 30, 2002 10:56 AM
To: [email protected]
Subject: [FW-1] internal network/NAT (eventually VPN)


I'm attempting to set this up, here is my config (be kind..)

Very int              IntDMZ        FW       External
15.x.x.x    Router  10.10.10.x     10-12     12.x.x.x


There is a router between "very internal", (which also has other routers to
more internal nets...)
I need a client on the outside(internet) to be able to get to an very
internal host station (eventually VPN to a similar setup on other side). I
have on my INT DMZ some hosts (Static Nat'd to the external address) and
that works OK. The Router is static NAT'd as a workstation, with NAT
enabled. (one IP is 10.x.x.x, other is 15.x.x.x)I've tried HIDE and STATIC
(not sure what it should be...)
The Internet router has static route statments to force the external address
to the FW. How does someone on the Internet address (what could be) many
internal addresses on the inside networks?

All the examples I see are only 1 level deep (ie the 10.x.x.x is hide/natted
to the outside). I need to get 1 more level in.

What am I missing here?
Vic








_________________________________________________________________
Unlimited Internet access -- and 2 months free!  Try MSN.
http://resourcecenter.msn.com/access/plans/2monthsfree.asp

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] ftp over ssl
Next by Date: Re: [FW-1] internal network/NAT (eventually VPN)
Prev by thread: [FW-1] internal network/NAT (eventually VPN)
Next by thread: Re: [FW-1] internal network/NAT (eventually VPN)
Index(es):
- Date
- Thread