Mick,
Interesting problem but not the first time I've ever run across it. Your
choices are not particularly good.
The firewall exterior Ethernet and router talk to each other using the MAC
address of the card so you can "fool" the router into sending data to it by
entering static ARP entries into the router table. For example:
FW External NIC (192.168.1.2) has a MAC of 00:00:60:12:34:56, I put this MAC
in the Cisco ARP table for Workstation 194.217.66.10 and the router will
always send data destined for that workstation to the external interface on
the firewall. The firewall will route it to the proper end point on the
interior network. Of course this requires that you enter all 200 workstation
addresses into the router ARP table.
An alternative, if you can get the Sun to do it, is to set the Sun to ALWAYS
answer EVERY ARP request it sees with its own MAC address. Then it will
load the table for you.
A third possibility would be to subdivide your class C address. Use one
segment on the outside and all the others on the inside. This could be very
difficult if your IP numbering scheme is spread all over.
Cisco Router (194.217.66.1) > >FW Internal NIC
(194.217.66.1)
> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, November 03, 1999 4:25 AM
> To: [EMAIL PROTECTED]
> Subject: Same Class C both sides of a Firewall? (Newbie question)
>
> I am trying to replace a Guardian Firewall with Checkpoint Firewall 1 (v4).
> The router's IP address is 194.217.66.1, as is the internal network card on
> the firewall. Guardian sets up a Virtual adapter to allow this to happen.
> Unfortunately, Firewall-1 doesn't work the same way and I'm now banging my
> head on the wall trying to work this out. The only alternative is to assign
> a private Class C internally but as all addresses are currently static this
> would mean updating a couple of hundred workstations.
>
> The Guardian Firewall's ARP ini file looks like this:
>
> [Common]
> Virt_Router_IP_Address=192.168.1.2 (adapter's default gateway IP)
> Real_Router_IP_Address=194.217.66.1 (router's IP Address)
> GuardianIPAddress=194.217.66.244 (adapter's virtual IP)
> DefaultARP=NO
>
> What it physically looks like is:
>
> Cisco Router (194.217.66.1) > FW External NIC (192.168.1.2) > FW Internal NIC (194.217.66.1)
>
> Can this be done?
>
> Mick
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
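The third option in the reply (subdividing the class C) hinges on how many statically addressed hosts would land in the outside segment. The sketch below is an added example, not part of the original post; it assumes the firewall's external NIC would be readdressed into the outside segment, and the host list and function names are constructed for illustration.

```python
import ipaddress

# Values from the thread.
CLASS_C = "194.217.66.0/24"
ROUTER_IP = "194.217.66.1"
# Constructed sample of statically addressed hosts (not the poster's real list).
IN_USE = ["194.217.66.10", "194.217.66.3", "194.217.66.70",
          "194.217.66.130", "194.217.66.244"]

def outside_segment_options(class_c, router_ip, in_use, prefixes=range(25, 31)):
    """For each split, return (outside subnet, usable hosts, addresses to renumber)."""
    net = ipaddress.ip_network(class_c)
    router = ipaddress.ip_address(router_ip)
    hosts = sorted(ipaddress.ip_address(h) for h in in_use)
    options = []
    for plen in prefixes:
        # The outside segment is whichever subnet of this size holds the router.
        outside = next(s for s in net.subnets(new_prefix=plen) if router in s)
        # Any in-use host inside that range ends up on the wrong side of the firewall.
        stranded = [str(h) for h in hosts if h in outside and h != router]
        options.append((str(outside), outside.num_addresses - 2, stranded))
    return options

def least_disruptive(options, needed_hosts=2):
    """Pick the split that renumbers the fewest hosts; ties go to the smaller segment.

    needed_hosts=2 covers the router and the firewall's external NIC.
    """
    usable = [o for o in options if o[1] >= needed_hosts]
    return min(usable, key=lambda o: (len(o[2]), o[1]))

if __name__ == "__main__":
    opts = outside_segment_options(CLASS_C, ROUTER_IP, IN_USE)
    for subnet, usable, stranded in opts:
        print(f"{subnet:<18} usable={usable:<4} renumber={stranded}")
    print("least disruptive:", least_disruptive(opts)[0])
```

Run against the real address inventory, the `renumber` column shows how scattered the numbering is: a long list for every split is the "spread all over" case the reply warns about.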