Re: [FW1] NAT Problems

Derek ďż˝ Wed, 22 Nov 2000 08:47:54 -0800

It is version 4.0 Build 4031, and we are using ISAKMP/Oakley, DES w/ MD5 
using a Preshared secret.  I know its not a recent build, but I just got 
tossed into doing this.

Any help would be greatly appreciated.

Thanks again!

>From: CryptoTech <[EMAIL PROTECTED]>
>To: Derek ďż˝ <[EMAIL PROTECTED]>
>CC: [EMAIL PROTECTED]
>Subject: Re: [FW1] NAT Problems
>Date: Tue, 21 Nov 2000 21:01:26 -0500
>
>Derek,
>Can you give a few more details like the 4.0 build level (fw ver -k) and 
>the encryption
>type you use from site to site?
>
>NAT is not common to use in site to site vpn's.  It can be done, but it is 
>tricky.
>
>Thx,
>CryptoTech
>
>"Derek " wrote:
>
> > I'm having an odd problem with my FW-1.  It is version 4.0 on Solaris 
>2.6.
> >
> > When I am using a certain appication and sending large amounts of data, 
>the
> > firewall tries to re-key with the firewall at the other end during the
> > middle of the transfer, the for some reason my firewall starts sending 
>the
> > internal IP address of the computer on our network instead of sending 
>the
> > NAT address.  When it does this, I see a drop for the internal IP 
>address in
> > my firewall log, and the guy at the other end sees my internal address
> > instead of the NATed address so it is dropped on his end also.
> >
> > For example:
> >
> > Say the IP address of my computer is 192.168.0.125 and it is NATed to
> > 216.100.100.33, when it starts the communication with the other firewall 
>to
> > encrypt the data it sends over 216.100.100.33 starts doing its thing, 
>then
> > it reinstalls the key with the other firewall during the transfer, and
> > starts sending 192.168.0.125 out instead of the correct address.
> >
> > I hope I explained it good.  Any ideas?
> >
> > Thanks in advance!


_____________________________________________________________________________________
Get more from the Web.  FREE MSN Explorer download : http://explorer.msn.com



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
Re: [FW1] NAT Problems

Reply via email to
