If what you mean is that you intend to use 148.x.x.x as the public address of your advertised services and that the servers themselves are addressed in some other range (hence the need for NAT) and assuming that you have NAT in place, you also need to take care of layer two (ARP). You can either put a static route on the router just outside your firewall for 148.x.x.x with a gateway or next hop of your firewall interface (200.x.x.x) so the router will know to arp for the firewalls IP whenever there is a 148.x.x.x address or tell the firewall to Proxy Arp for each 148.x.x.x address you want directed through it. If you choose Proxy Arp, you have the choice of either setting it up manually using the OS utilites or using the Checkpoint global parameter for automatic proxy arp - last I heard, fp3 was having some issues with this feature. If the entire 148.x.x.x network is allocated for translated address, I would suggested that the static route is probably the simplest approach and will probably be the least problematic. (assuming you have control over the external router). Bill On Monday, June 30, 2003, at 10:09 AM, Reinhard Stich wrote:
hi,
is 148.x.x.x your internal network?
did you enable NAT?
cheers reinhard
-----Urspr�ngliche Nachricht----- Von: Horacio Paredes [mailto:[EMAIL PROTECTED] Gesendet: Mo 30.06.2003 18:45 An: [EMAIL PROTECTED] Cc: Betreff: [FW-1] CP NG FP3 cant work with 2 different ip address ranges...
Hi everybody!!
I tried to migrate a PIX to CP NG FP3 in recent days but I had to recover the PIX, because when I configured CP FW-1 with a IP address on the outside interface (i.e. 200.x.x.x) and all the NAT�s are using the range of 148.x.x.x. All services (148.x.x.x) are not seen from internet only the addresses 200.x.x.x. The CISCO Pix is working fine with this scheme.
What do you think is the problem with this???
Regards,
Horacio Security Engineer
_________________________________________________________ Do You Yahoo!? La mejor conexi�n a internet y 25MB extra a tu correo por $100 al mes. http://net.yahoo.com.mx
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
