RE: [FW1] NAT

Fri, 01 Sep 2000 08:41:57 -0700 


NAT 5 Step Rule

1. Add external address and external NIC MAC address in format
208.203.162.55 00-00-00-00-00-00

2. Add route from external address to internal address in form of route add
208.203.162.55 192.168.100.5 -p (Except for Hiding addresses)

3. Add NAT rule to the rule base. This can be done using automagic or
manual, but manual requires the creation of two objects, one int and one ext
if doing static, and to do hiding you must use a range object.

4. Add the EXTERNAL object to the valid addresses group object on the
INTERNAL interface of the firewall object under spoofing. If you are doing
auto NAT add the internal object to the valid addresses.

5. Add a security rule to allow traffic to/from the address.

Travis Guinn MCSE/CCSE/CCA/A+ 
Data Transit, Intl - Dallas
1999 #1 Citrix Integrator Nationwide
v(972) 458-8384 f(972) 455-0557



-----Original Message-----
From: Tim Huxel [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 01, 2000 9:49 AM
To: fw-1
Subject: [FW1] NAT



I can't get NAT to work on NT.
Here is what I have done.
1)On the firewall I created the local.arp
file on the firewall.(translated_address external_macaddress)

2)Edited the fwscript route add external_address internal_address -p

3)Created workstation object internal_address with NAT add automatic
translation rules. Method hide. Hiding address an address on the external
networks subnet. Install On all

4)Created security policy any any any accept. Just for testing purposes.

5)Added static route from translated_address to internal_address.

When I trace route to the external_address I can only get to the
internal_address. I can ping the external_address.
I'm sure that I missed something. I've tried several routes and
configurations
but, still no NAT.

TIA
Tim



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to