[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] SecuRemote, NAT, and Firewall-1 NG
I have the following situation : SecuRemote - Hide Mode FW - Internet - Firewall (NG) - Server on 10.6 addr The SecuRemote client, on 192.168.1.100, can not access the web server on the 10.6.1.100 address. The SecuRemote client is hide mode NAT'd and the web server is not NAT'd at all. When the SecuRemote client has a real IP address, this works just fine. When it is being hide mode NAT'd it does not work. If the two firewalls are on the same subnet, and I add a route back to the 192.168.x.x network on the NG firewall through the 4.0 firewall, this will also work. I have :userc_IKE_NAT (true) In my objects.C file. I have UDP encapsulation enabled on the SecuRemote client. The problem is that I have set up this exact situation many times before using CheckPoint 4.1 and it works fine. In most of those cases, I am accessing a 172.16.x.x network from my 10.3.x.x desktop through my CheckPoint 4.0 firewall doing hide mode NAT. The Firewall is NG Feature Pack 1 running on Windows NT Service Pack 6a upgraded from NG off the CD. The SecuRemote client is Windows 2000 Service Pack 2 with SecuRemote NG build 51057 A tcpdump on the 10.6 network shows traffic originating either from the 192.168.1.100 address, or from the IP NAT Pool I configured, as well as the appropriate return traffic from the web server. A tcpdump on the external network shows UDP 2746 traffic between the external IP addresses of both firewalls which is correct when UDP encapsulation it used. I am going to reinstall the NG firewall and see if that fixes the problem. Please let me know if something I am trying to do here is just completely wrong. Thanks, -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|