Update:

I've checked my Policy Rules order and it seems to check out.  However,
FW-1 NAT Rules list all the static NAT rules above the Hide NAT so basically
my NAT for the External Customer segment is going to be above the NAT rule
for the Internet.  Do I have to manually create a NAT rule (vs.
automatically have it generated via the Object Properties) in order to work
around the rule based order?

Added note:  I have entered the required ARP entry in the local.arp as
required.  The logs show the station http traffic passing fine with source
IP address as that of the Internet IF (Origin:  70.70.100.11  Source:
10.2.50.220).  I cannot ping and traceroute dies at FW.

-----Original Message-----
From: Steven Zimmerman [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 28, 2000 8:04 AM
To: '[EMAIL PROTECTED]';
'[EMAIL PROTECTED]'
Subject: RE: [FW1] NAT/routing problem



Check your NAT setup.  This system is set up to Static NAT to your external
customer segment, but make sure that the NAT for the Intranet to the
Internet is before the NAT to the External Customer segment.  (Or that the
NAT rule only uses Static NAT for the 10.10.10.0 segment.)  In the logs, do
you see this station trying to get out to the Internet?  If so, what is the
Source Translation IP Address?

Steven Zimmerman
CIO
IR Network Solutions
770-277-9877
770-237-5497 fax

 -----Original Message-----
From:   [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]  On Behalf Of Robert
MacDonald
Sent:   Monday, August 28, 2000 8:15 AM
To:     [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject:        Re: [FW1] NAT/routing problem


Peter,

My suspicion is an ARP problem. Have you added
the required ARP entry to local.arp? If so, send back
the output to 'arp -a' and 'netstat -rn'.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> Peter Nguyen <[EMAIL PROTECTED]> 8/25/00 5:38:46 PM >>>
>
>
>I posted this on newsgroup for help.  Anyone have ideas what I can try next?
> 
> 
>Here is our basic FW-1 ver 4.0 NT4 layout with 4 NICs
>
>
>                                Internet
>
>                            70.70.100.0
>                                    |70.70.100.11
>                                    |
>External Customer
>10.10.10.0 --------10.10.10.11--[[FW-1] --10.2.2.8 ----------------10.2.0.0
>                                                                 Intranet
>                                    |
>                                    | 172.25.220.11
>                                    |
>                                172.25.220.0
>
>                                    DMZ
>
>
>Our Intranet Users are on Hide NAT 10.2.0.0 network to the Internet, All is
>OK.
>
>We have a host on Intranet at IP 10.2.50.220 Static NAT to External Customer
>10.10.10.25
>This particular host when set to this IP under the Static NAT rule cannot
>get to internet via browser, however if I change to any other IP on
>10.2.x.x, then they can get to the Internet via browser fine.  However, I
>need to set this host to this static NAT so that the External customer can
>get to them though the FW.  What am I missing?  Logging does not show any
>dropped.
>
>Thanks,
>Peter




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
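
The rule-order question raised in this thread, as an added example that is not part of the original messages and is not Check Point code: a simplified first-match model of a NAT rule base, comparing the generated static rule listed above the Hide rule with a hand-written static rule limited to the External Customer segment. The /16 and /24 masks, the rule names and the 198.51.100.7 destination are assumptions, and first-match evaluation is the model's assumption, not behaviour confirmed in the thread.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class NatRule(NamedTuple):
    name: str       # hypothetical label, not a FW-1 identifier
    src: str        # original source network
    dst: str        # original destination network
    xlate_src: str  # address the source is translated to

# Assumed masks: /16 for 10.2.0.0, /24 for 10.10.10.0 (the posts give none).
ANY = "0.0.0.0/0"
HIDE = NatRule("hide-intranet", "10.2.0.0/16", ANY, "70.70.100.11")

# Order described in the thread: generated static rule listed above the Hide rule.
AUTO = [NatRule("static-auto", "10.2.50.220/32", ANY, "10.10.10.25"), HIDE]
# Hand-written variant: static NAT only toward the External Customer segment.
MANUAL = [NatRule("static-manual", "10.2.50.220/32", "10.10.10.0/24",
                  "10.10.10.25"), HIDE]

def translate(rules, src, dst):
    """Return (rule name, translated source) for the first matching rule."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)):
            return r.name, r.xlate_src
    return None, src  # no rule matched: source leaves untranslated

def preempted(rules):
    """List (earlier, later, dst scope): flows a later rule also matches
    but the earlier rule wins because it is listed first."""
    out = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            a_dst, b_dst = ip_network(a.dst), ip_network(b.dst)
            if (ip_network(a.src).overlaps(ip_network(b.src))
                    and a_dst.overlaps(b_dst)):
                scope = a_dst if a_dst.subnet_of(b_dst) else b_dst
                out.append((a.name, b.name, str(scope)))
    return out

if __name__ == "__main__":
    web = "198.51.100.7"  # constructed Internet destination (documentation range)
    for label, rules in (("auto", AUTO), ("manual", MANUAL)):
        print(label, translate(rules, "10.2.50.220", web), preempted(rules))
```

In this model the generated rule pre-empts the Hide rule for every destination, while the hand-written rule pre-empts it only for 10.10.10.0/24, so Internet-bound traffic from 10.2.50.220 falls through to the Hide rule.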