Hans,
Take a look at the Address Translation/NAT tab in the fw GUI.
That should tell you what is being NATted.
Robert
- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Hans-Joachim Hoetger <[EMAIL PROTECTED]> 11/14/00 11:34:46 AM >>>
>
>Hello
>I'm sitting in front of a very strange problem. There are
>two ciscos connected to my firewall. Lets say c1 and c2.
>They are talking to each other over a GRE tunnel. (ip_p 47)
>Everything works well, if c1 is sending to c2. The problem
>is as follows: The packets from c2 to c1 are NATted. (they
>hide behind the external IF of the firewall. There is
>shurely no rule that enforces this.
>Some tech. details:
>FW-1 Build 41716 [VPN + DES + STRONG] running on Solaris 7
>defaultroute poits to qfe0
>c1 can be reached over qfe0
>c2 is connected to qfe1
>
>If i snoop on qfe1, the (incoming) packets have the right
>SRC and DST. If i snoop on qfe0 (outgoing), the packets have
>the right DST, but SRC is set to the address of the firewall
>Interface qfe0.
>
>What can i do about this?
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
