Tim, what network-addresses are used where with what masks ? I have seen similar problems with FW-1 related to proxy-arp.
Reinhold On Sat, 15 Dec 2001, Tim Begley wrote: > Hi - I've come across something strange (strange to me anyway)when deploying > a router on lan segment with a checkpoint fw. I can 'fix' the problem but I > have no idea what is causing it. If somebody could enlighten me I'd > appreciate it. > > The scenario is: > > There is a 1720 that has a static route configured to route a particular > subnet or address via the address of the checkpoint fw interface on that lan > segment (very complicated stuff I know but stay with me ;-) ). > > Now this is where the funny business starts - you attempt to get end to end > connectivity to the host you are trying to get to on the other side of the > Checkpoint and it won't work. > > 1. Do a debug ip packet detail and you get encapsulation failed... > > 2. Look at the arp table on the 1720 and there are 2 complete arp entries - > 1 for fe0 and 1 for the checkpoint. THERE IS ALSO AN INCOMPLETE ENTRY FOR > THE HOST ON THE OTHER SIDE OF THE FIREWALL (which of course is on a > different subnet). > > 3. Scratch head and frown > > 4. Try a static arp entry mapping the ip address of the host on the other > side of the firewall to the MAC address of the firewall and presto it works! > > I've run into this situation a few times now and the there is always a > checkpoint involved so I'm guessing that it may have something to do with > the routing capability of the checkpoint? > > I know that this is a cisco discussion group but I think this is still > fairly relevant. > > Any advice much appreciated - Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29291&t=29283 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
