You need a rule to allow the reply, or just allow PING with policy
properties.
Fix the rulebase to allow the return ICMP...

Thomas Poole

-----Original Message-----
From: Christopher Cullan - Unikoan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 22, 2000 3:36 PM
To: Fw-1-Mailinglist@Lists.Us.Checkpoint.Com
Subject: [FW1] NAT, NT 4, CP2000 SP2



Well, this week seems to be my week on unexplained items...anyway here's the
story:

NT 4 SP5, CP 4.1 SP2 (as of today)
Firewall is in lab environment.
I'm testing NAT from one device on the external network (arbitrary in this
case) to one device in the internal network.
I'm using manually defined static NAT rules, i.e.:

source_real (on external) to dest_fake (external subnet) >>>>
fw_internal_int to dest_real

ports are left untouched.

I've defined a local.arp entry for dest_fake address and ARP caches on the
test client show this to work.
I've defined a static route on the FW dest_fake >>>> dest_real.

There is also a hiding NAT rule for the internal network to go out the
external network.

When I perform a test PING, the logs show that the packet is accepted and
translated but I get no reply.

Any thoughts?

Cheers,
Chris



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

