Hi - I've come across something strange (strange to me anyway) when deploying
a router on a lan segment with a checkpoint fw. I can 'fix' the problem but I
have no idea what is causing it. If somebody could enlighten me I'd
appreciate it.

The scenario is:

There is a 1720 that has a static route configured to route a particular
subnet or address via the address of the checkpoint fw interface on that lan
segment (very complicated stuff I know but stay with me ;-) ).

Now this is where the funny business starts - you attempt to get end to end
connectivity to the host you are trying to get to on the other side of the
Checkpoint and it won't work.

1. Do a debug ip packet detail and you get encapsulation failed...

2. Look at the arp table on the 1720 and there are 2 complete arp entries -
1 for fe0 and 1 for the checkpoint. THERE IS ALSO AN INCOMPLETE ENTRY FOR
THE HOST ON THE OTHER SIDE OF THE FIREWALL (which of course is on a
different subnet).

3. Scratch head and frown

4. Try a static arp entry mapping the ip address of the host on the other
side of the firewall to the MAC address of the firewall and presto it works!

I've run into this situation a few times now and there is always a
checkpoint involved so I'm guessing that it may have something to do with
the routing capability of the checkpoint?

I know that this is a cisco discussion group but I think this is still
fairly relevant.

Any advice much appreciated - Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29283&t=29283