Hi everybody.
Hope you can help me with this.
First I will "draw my topology"
internal net ------> Firewall ------------> Router -----> IS
172.16.0.0    172.16.1.10   148.243.163.130
Here, everything works fine. The problem arises when I want to add a third
interface to the firewall in order to establish communication with another
router:
internal net ------> Firewall ------------> Router -----> IS
172.16.0.0    172.16.1.10 | 148.243.163.130
                          |
                          |
                  157.150.144.65
                          |
                          |
                       Router
                     (Extranet)
At this point I have already connected the third NIC into the firewall
(Solaris 2.5.1) and the NIC is up.
I added a rule to my security policy saying:
any 157.150.144.0 any accept
The problem is that when I want to connect from any machine in my internal
network to any machine in the extranet (157.150....) I cannot make the
connection. If I look at the logs I see the firewall accepting the
connection, but I cannot get any answer (e.g. if I do a ping from my
machine (172.18.5.42) to a machine in the extranet (157.150.144.39), I do
not get an answer). Something curious is that if I do the ping from the
firewall to the extranet I do get an answer.
My routing table is:
Routing Table:
Destination          Gateway              Flags Ref   Use    Interface
-------------------- -------------------- ----- ----- ------ ---------
127.0.0.1            127.0.0.1            UH    0     1788   lo0
172.18.0.0           172.16.1.11          UG    0     44339
172.16.0.0           172.16.1.10          U     2     7108   elx0
157.150.144.0        157.150.144.65       UG    1     300    elx1
148.243.0.0          148.243.163.130      U     3     1303   pcn0
224.0.0.0            148.243.163.130      U     3     0      pcn0
default              148.243.163.129      UG    0     196550
I am using a single gateway product with licenses for 256 machines. I
have been reading and I read that with this product you can only have one
external interface; does that have to do with the problem?
I have also thought that this is a NAT problem, since I think I have to NAT
with the 148.243.163.130 address when I am going to the internet and I
have to NAT with the 157.150.144.65 address when I am going to the
extranet. If this is the case, how do I do that? (I know I can do it with
the GUI, but I cannot use it to create NAT rules!)
I will really appreciate any comments, suggestions or documentation to
solve this. It is kind of urgent. Thanks a lot again.
--
Eduardo Frias
[EMAIL PROTECTED]