Got a managed VPN consisting of two sites. Site A has the FW and site B accesses site A from the External interface on the FW and in on the internal. The VPN between the two sites works fine, but site B is unable to access any internet addresses. When trying to access anything outside, the following message is logged:

message_info: Dropped packet forwarded between two external interfaces

The message itself is a bit strange, as it indicates that a dropped packet is being routed after it has been dropped. But what I would like to know is whether it is at all possible for a FW-1 NG to route packets coming in on the external interface straight back out again to the internet. If so, what rules do we need to have? At the moment I've only added a HIDE NAT rule for the entire VPN net which is coming in on the external interface.

VPN traffic between the two sites:
Site B: 172.168.x.y -> Ext Int: 193.x.x.4 -> Internal Int: 172.168.x.1 -> Site A 172.168.x.?

Internet traffic from site B:
Site B: 172.168.x.y -> Ext Int: 193.x.x.4 -> Ext Int/Internet -> (packets dropped with message above)

Is this at all possible? Or do we have to use a proxy of some kind behind the FW on site A to allow internet access for site B?

Best Regards,
Thomas Nilsen
