Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Problem with Static NAT in a lab environment

To: [email protected]
Subject: [FW-1] Problem with Static NAT in a lab environment
From: Marc Kisner <[email protected]>
Date: Thu, 20 Dec 2001 15:08:54 -0000
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi all,

I am testing static NAT between two firewalls. fw.madrid.cp and fw.rome.cp

Set up is as follows

Each firewall has a web server sitting behind it on a private network. I
have created all the correct objects on each firewall and everything works
as expected untill Static NAT rules are applied.

In the workstation properties for each web server object, I click on NAT tab
and put in VIP address for the webserver. I also add the VIP address in the
NAT tab of partner city webserver. I have checked the corresponding
properties on each firewall and they are all correct.

The problem is as follows

When I connect to the VIP address for www.madrid.cp from fw.rome.cp via http
everything works fine and the logs confirm that NAT is configured correctly.
When connecting to www.rome.cp from fw.madrid.cp via http the connection
fails and is dropped by fw.rome.cp. The logs on  fw.rome.cp have the
following;

the_flags 2 message_info_TCP packet out of state

I may be missing something obvious buit any assistance would be most
helpful.


Thanks


Marc








Marc Kisner
Harrier Group

Switchboard:    +44 (0)Facsimile:      +44 (0)Mobile: +44 (0) 77740 431 598
DDI                     +44 (0)Email:  mailto:[email protected]
Web:    http://www.harrierzeuros.co.uk

Privileged/Confidential Information may be contained in this message.  If
you are not the addressee indicated in this message (or responsible for
delivery of the message to such person), you may not copy or deliver this
message to anyone.  In such case, you should destroy this message and kindly
notify the sender by reply email.  Please advise immediately if you or your
employer do not consent to Internet email for messages of this kind.
Opinions, conclusions and other information in this message that do not
relate to the official business of my firm shall be understood as neither
given nor endorsed by it.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Problem with Static NAT in a lab environment
  - From: "Fernando Hagelsieb C." <[email protected]>

Prev by Date: Re: [FW-1] Network Interface Card
Next by Date: [FW-1] FW: [FW-1] Load averages on the Nokia platform
Previous by thread: Re: [FW-1] SecuRemote question ?
Next by thread: Re: [FW-1] Problem with Static NAT in a lab environment
Index(es):
- Date
- Thread