Robert, All,

Thank you very much.
It is Mr, and you can call me Stefan ...

The FW is keeping track of the NAT when it is Hide
mode, but I am not sure when it is a static NAT.
I did cionfigure the FW with Hide mode in my previous
company, but in my new company everything is configure
with Static.
The guys did configure both ways here, and I wonder if
it is correct. As I need to address this before the
audit point, I will 
appreciate any help. I can test that on the live
system.

I tried to find in th edoc I have and on phone biy,
but it ws not mentionned if FW was keeping track of
addresses for the return packets.

Anybody can help me ?

Thanks,

Xavier

-----Original Message-----
From:   Robert MacDonald [SMTP:[EMAIL PROTECTED]]
Sent:   Wednesday, July 12, 2000 12:40 AM
To:     [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject:        Re: [FW1] static NAT, is the outbound only
enough ?

Cisco (or is it Mr./Ms. Wave :),

Just outbound NAT should be fine. The fw should
keep track of it from there.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> Cisco Wave <[EMAIL PROTECTED]> 7/5/00 3:52:34 AM
>>>

Dear All,

Regarding static NAT, do we need to have both inbound
and outboubnd NAT, or only one outbound NAT is enough
and FW1 is mart enough to know the inbound NAT ?

For example, which one is the most correct :
 
Rule
A.B.C.D -> W.X.Y.Z TCP Accept (outbound)
(TCP established are accepted, so no need for the rule
inbound)

with only this NAT ?
NAT
A.B.C.D->W.X.Y.Z translated 1.2.3.4->6.7.8.9

or with both NAT ?
NAT
A.B.C.D->W.X.Y.Z translated 1.2.3.4->6.7.8.9
6.7.8.9->1.2.3.4 translated W.X.Y.Z->A.B.C.D

Thank you,








=====
We are NOT Cisco Inc.

__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail � Free email you can access from anywhere!
http://mail.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to