Thanks for the reply. I worked it out. THere was static NAT happening as well, and the packets were being translated where they should not have been.
Quick rule in the NAT tables and everything works. Thanks. Russell Aspinwall <[EMAIL PROTECTED]> wrote: > Neil Kemp wrote: > > Good Morning. I have a query which I have been racking my brains about, and > > was working on until midnight last night. Driving me mad !!!! > > > > I am at a customers site who has an existing 4.1 firewall with a mail relay > > server in the dmz (192.168.100.2 using interface 192.168.100.1) and relays > > mail to an internal exchange server which is ip address 172.17.3.22/16. the > > connection for this is routed across the firewalls interface (172.18.6.1/24) > > to an NT server acting as a router (172.18.6.45 to 172.17.1.112/16) and > > reaches the exchange server no problem. > > > > The exchange server has a default gateway of 172.17.1.109 and a static route > > had been created for 192.168.100.2 to route through 172.17.1.112. > > > > Everything works fine. > > > > However, when I replace the firewall on the network, built pretty much the > > same (same IP addresses etc) the only way I can get a connection to the > > exchange server from the Mail relay server is to change the default gateway > to > > route back through 172.17.1.112. Using its current default gateway and a > > static route back to the mail relay just does not work - it reaches > > 172.17.1.112 and seems to get lost in the ether. > > When the connection is forwarded 17.17.1.112 -> 172.18.6.45 -> 192.168.100.2 > Is their a static route on the firewall accepting 172.18.6.5 forwards to > 192.168.100.2? > > > > > The firewall is NG FP3, running on Windows 2000. > > > > Internet access, mail outbound ( from the exchange server to the mail relay > > server then onto the internet ) works perfectly. So the static route works > on > > the exchange server itself, it just seems to have a problem in replying..... > > > > As I said, it has been driving me mad, and cant see the wood for the trees. > > Any help would be greatly appreciated. > > > > > > Thanks. > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
