I have the same problem someone posted on this mailing list 3 years ago. Did anyone get the answer?
You wouldn't also be translating your internal network on the way out of
the firewall?
I have a feeling what's happening is that the internal net is getting
translated, but not your "valid" address. Once an address translation
rule is found (it proceeds through the rules in order), it stops
processing the rules. Since you're using automatic NAT rules, you have
no way to control what order these NAT rules are ordered. The internal
network translation is getting applied before your "legal" to "illegal"
static translation, and so it's failing because the "legal" address gets
routed out the wrong interface and not translated.
-- PhoneBoy
>I've added a server to our DMZ. I can ping the invalid address from the
>internal network, but am unable to ping the valid address from the internal
>network. Here is what I've done.
>
>1) Added the valid address to the local.arp file.
>2) Added a static route between the valid address and the invalid address.
>3) Created an object with the address of the invalid address and with
>static translation to the valid address.
>4) Installed the rule base.
>5) Verified the automatic address translation rules were added.
>6) Stopped and restarted the firewall process.
>7) Rebooted the firewall.
>
>This looks like it is set up just like the other servers. grrrr. Can someone
>point out the step(s) I'm missing or suggest what to look at?
>
>Frustrated,
>IP
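The first-match ordering problem described in PhoneBoy's reply, as a simplified model added here (it is not Check Point's implementation and not part of the original thread). The rule names, fields and all addresses are constructed for illustration; `overlapping_pairs` is a hypothetical helper that flags rule pairs where an earlier rule can consume packets meant for a later one.

```python
import ipaddress
from typing import NamedTuple, Optional

class NatRule(NamedTuple):
    name: str
    src: str                 # original source network to match
    dst: str                 # original destination network to match
    new_src: Optional[str]   # translated source, None = leave unchanged
    new_dst: Optional[str]   # translated destination, None = leave unchanged

def _net(cidr):
    return ipaddress.ip_network(cidr)

def translate(rules, src, dst):
    """Apply the first rule that matches and stop, as the reply describes."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in _net(r.src) and d in _net(r.dst):
            return r.name, r.new_src or src, r.new_dst or dst
    return None, src, dst

def overlapping_pairs(rules):
    """Return (earlier, later) rule names whose match sets intersect.

    Packets in the intersection are consumed by the earlier rule, so the
    later rule never sees them.
    """
    pairs = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if _net(a.src).overlaps(_net(b.src)) and _net(a.dst).overlaps(_net(b.dst)):
                pairs.append((a.name, b.name))
    return pairs

# Constructed addresses: 10.0.0.0/24 internal, 192.168.1.10 the server's
# "invalid" DMZ address, 203.0.113.10 its "valid" address, 203.0.113.1 the firewall.
HIDE = NatRule("hide-internal", "10.0.0.0/24", "0.0.0.0/0", "203.0.113.1", None)
STATIC = NatRule("static-dmz", "0.0.0.0/0", "203.0.113.10/32", None, "192.168.1.10")

if __name__ == "__main__":
    for order in ([HIDE, STATIC], [STATIC, HIDE]):
        print([r.name for r in order],
              translate(order, "10.0.0.5", "203.0.113.10"),
              overlapping_pairs(order))
```

With the hide rule first, an internal client's packet to the valid address leaves with its destination untranslated; with the static rule first, the destination is rewritten to the DMZ address.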