Hello List,

I have two problems that may be related, hence I am lumping them together here.

Problem 1.
I have an external partner who needs access to one of our internal boxes for
support reasons.
I have set up a FireWall-1 user using skey and set up a rule as follows:

user@theirnet           internal_machine                telnet          user_auth

The internal_machine has both an external address and an internal IP address.

If I change the rule to 

user@any                internal_machine                telnet          user_auth

and put my PC on the external side of the firewall and try to telnet using
the external address, the firewall intercepts and requests a username, the skey
process begins and is passed, but the connection fails. Do the same but using the
internal_address to connect. If I change to this rule

theirnet                internal_machine                telnet          accept

they can connect to the internal host okay. Is there anything special you need to
do to get skey working with NAT? Our other skey users are okay as they have internal
addresses.

Problem 2

For internet traffic all internal segments are natted to various external
addresses. For example internetnet (10.30.0.0) gets natted to 195.x.x.x. PCs
on subnet 10.30.x.x get natted okay and they can browse the internet with no
problems, which proves NAT is working (confirmed in the fw logs). If the PC
then tries to connect to an external service 194.x.x.x (not http but sql)
which is connected to the dirty side of the firewall, the PC address is not
natted but retains its internal IP address, hence no packet returns, as
routing is done on the external translated address, not the internal address.
Anybody any ideas why it works for http but not sql on the same PC!!!?

Thanks in advance.