NAT Rules
rule 10 to not NAT to internal networks:
| MACHINE-A | internalnets | any --> | original | original | any
rule 11 to NAT to DMZ1:
| MACHINEA | DMZ1 | any --> | MACHINEA-NAT | DMZ1 | any
rule 12 to NAT to the internet:
| MACHINEA | any | any --> | MACHINEA-NAT-INTERNET | any | any
This is my initial setup, I use Hide NAT in rule 11 and 12.
When applied, rule 10 is bypassed and machinea to DMZ is NATed using rule 12?!?! Why?
Now, I moved rules 10/11/12 to 1/2/3 and changed the Hide NAT to Static for rules 2/3 (old 11/12)
and now it works... any idea why?
What is the difference between Static and Hide NAT? As far as I can see, I could not use static source NAT with 2 different sources... but it seems to work anyway...
Also, has anyone got SecureClients working through a StoneBeat FullCluster? Even with a policy server behind the cluster, the topology is corrupted (no policy server in it, even if it is defined properly)...
And last question, has anyone got FreeBSD IPsec working with Check Point? If so, can you send your kame.sh file to the group?
Here's another one... :-)
Is it possible to do a VPN between a Cisco (in fact, any non-Check Point IPsec VPN) and a Check Point/StoneBeat FullCluster using the cluster's IP? Or do I have to use one of the 2 IPs??
Thanks a LOT !!
**************************************************************
Patrick Desnoyers
Network security administrator
**************************************************************
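A small first-match model of the three NAT rules quoted above, added here as an illustration and not part of the original post or of any Check Point product. The addresses are constructed, MACHINE-A is assumed to resolve to the same host as MACHINEA, and the hide-NAT source port is an assumed pool value; the model shows what top-down first-match evaluation predicts for this rule base (rule 10 wins for internal destinations, and moving it below rule 12 changes the result) and how Hide and Static NAT differ in what they rewrite. It does not explain the behaviour the poster observed.

```python
"""First-match NAT rule-base model for the three rules quoted in the post.

Object names come from the post; every address below is constructed for illustration.
"""
import ipaddress

# Constructed network objects (the post does not give any addresses).
OBJECTS = {
    "MACHINE-A": ["10.1.1.10/32"],
    "MACHINEA": ["10.1.1.10/32"],             # assumed: same host as MACHINE-A
    "internalnets": ["10.1.0.0/16", "10.2.0.0/16"],
    "DMZ1": ["192.168.100.0/24"],
    "MACHINEA-NAT": ["192.168.100.10/32"],
    "MACHINEA-NAT-INTERNET": ["203.0.113.10/32"],
}

# (rule number, original src, original dst, translated src, method); "original" = no NAT
RULES = [
    (10, "MACHINE-A", "internalnets", "original", "original"),
    (11, "MACHINEA", "DMZ1", "MACHINEA-NAT", "hide"),
    (12, "MACHINEA", "any", "MACHINEA-NAT-INTERNET", "hide"),
]

def matches(obj, ip):
    """'any' matches everything; otherwise ip must fall inside one of the object's networks."""
    if obj == "any":
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in OBJECTS[obj])

def translate(rules, src, dst, sport, hide_port=10000):
    """Walk the rule base top-down and apply the FIRST rule whose src and dst both match.

    Hide NAT is many-to-one: source address and source port are rewritten.
    Static NAT is one-to-one: only the source address changes, the port is kept.
    Returns (rule number, translated source, translated source port), or None.
    """
    for num, osrc, odst, tsrc, method in rules:
        if not (matches(osrc, src) and matches(odst, dst)):
            continue                        # no match, keep scanning downwards
        if method == "original":
            return num, src, sport          # rule 10 style: explicitly no translation
        new_src = OBJECTS[tsrc][0].split("/")[0]
        if method == "hide":
            return num, new_src, hide_port  # assumed port taken from the hide pool
        return num, new_src, sport          # static: address only
    return None

if __name__ == "__main__":
    for dst in ("10.2.5.5", "192.168.100.20", "198.51.100.7"):
        print(dst, translate(RULES, "10.1.1.10", dst, 40000))
    # Ordering matters: with rule 10 moved last, internal traffic is hidden by rule 12.
    print("reordered", translate(RULES[1:] + RULES[:1], "10.1.1.10", "10.2.5.5", 40000))
```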
