We have a checkpoint cluster with VPN and the remote end has the address of the cluster. With the checkpoint SP5 the default is to NAT the gateways to the cluster address. This is done in the objects.C file
:IPsec_cluster_nat (true) However, it is misleading in the fw log because the log only shows the address of the physicall interface. A snoop on the external interface does show that the cluster address is what is being sent out. Good Luck, Donna ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
