To find the interfaces that CP thinks it is using: fw ctl iflist What type of Nokia are you using? I would expect a syntax for the interface name: eth-s1p1c0
Regards Derin -----Original Message----- From: Sadir [mailto:[EMAIL PROTECTED]] Sent: 16 October 2002 12:31 To: [EMAIL PROTECTED] Subject: Re: [FW-1] external interface ? Try using fw stat -d -l or if it is NG use cpstat -f all fw this may give you insight on which is the external int try fw monitor "aceept ;" -m IiOo The capital I is always for incomming so you can see which int is accepting the traffic i hope you don't have a heavy firewall Stephen B. wrote: >How should i know the external interface in a nokia box ? >I put the file external.if in $FWDIR/conf with this content: eth2c0 >(logical external interface) as it said in the phoneboy site, but how >can i see if the modification has succesfull ? > >Because i have problem to connect to firewall-1 with secure remote i >made this for debug: > >fw monitor -e "accept ((src=@secure-remote,dst=@external-firewall) or >(src= >@external-firewall,dst=@secure-remote));" > >And i have this log: > >eth2c0:i[44]: @secure-remote -> @external-firewall (TCP) len=44 >id=27409 >TCP: 3816 -> 264 .S.... seq=0020b349 ack=00000000 >eth2c0:I[44]: @secure-remote -> @external-firewall (TCP) len=44 id=27409 >TCP: 3816 -> 264 .S.... seq=0020b349 ack=00000000 >eth3c0:o[44]: @external-firewall -> @secure-remote (TCP) len=44 id=34388 >TCP: 264 -> 3816 .S..A. seq=25ec351a ack=0020b34a >eth3c0:O[44]: @external-firewall -> @secure-remote (TCP) len=44 id=34388 > >The ip address of the eth2c0 is @external-firewall but the firewall use >the interface eth3c0 to respond to my secure remote user ?? Is it >possible that my external interface isn't eth2c0 ? >And after that i don't have IKE negociation ... > > >A little help should be greatly appreciated ;) > > Stephen. > >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= > > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= <FONT SIZE=1>********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender immediately and then delete from your system. This footnote also confirms that this email message has been swept for the presence of known computer viruses. **********************************************************************</FONT> ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
