I've seen an interesting problem. I'm running the later versions of SR (4165 & 4176) on a 192.x.y.z host from behind a CheckPoint performing NAT going to a VPN gateway running 4.1 SP3. objects.c have been modified to include the definition for udp encapsulation, plus the appropriate settings to true for userc_NAT and userc_IKE_NAT. The appropriate settings have been set up so that the IPSEC group (AH, ESP, IKE etc) and udp2746 is passed to /from my internal host to /from the remote Firewall VPN gateway. Static 1:1 NATing works great. However, I can't get this going with Hide NAT. I can get to the CheckPoint demo site. I suspect that my external interface of the Hide gateway is not passing packets to my internal gateway. Anything obvious missing? The default gateway is out to the Internet so everything is been sent out. I've had a comment (thanks!!!) that talks about creating invalid addresses - what is this about? I simply have a generic NAT rule that Hides everything on the way out. Should I be specific? Thanks. _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
