I have the following problem with my VPN-1 gateway 4.1 SP1 running on Red Hat Linux 6.0
(kernel 2.2.5-15).
I have configured it to use IP Pool NAT for SecuRemote users.
I have set up a range of 3 addresses for that. I have also added ARP entries (arp -s
ip mac pub).
The 3 addresses are in the same subnet as the encryption domain so that there is no
routing issue.
But when I try to connect to one machine of the encryption domain, the IP I see is the
original IP address of the SecuRemote, not an address of the NAT pool.
I have set up the same (but with SP2) on an NT machine and it works!
When I look in the objects.C, I see the following differences in the definition of the
IP pool range:
4.1 SP2 NT working:
:netobjadtr (
    : (secur
        :color (black)
        :type (machines_range)
        :comments ()
        :ipaddr_first (193.210.193.213)
        :ipaddr_last (193.210.193.215)
        :add_adtr_rule (false)
        :netobj_adtr_method (adtr_static)
        :the_firewalling_obj (
            :type (refobj)
            :refname ("#_All")
        )
        :ip_pool_securemote (false)
    )
)
4.1 SP3 Linux not working:
:netobjadtr (
    : (Pool-Nat-for-securemote
        :color (black)
        :type (machines_range)
        :comments ()
        :ipaddr_first (193.210.193.213)
        :ipaddr_last (193.210.193.215)
    )
)
As you see, some lines are missing. If I add them, it almost works: now I see the IP
address from the pool,
BUT
my connection cannot get through, because it seems that the Linux kernel sends ICMP
redirects when a packet is sent back to the IP address of the pool.
Is this a kernel problem?
Thanks
Siegfried
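
An added example, not part of the original post: a small Python parser for the ":key (value)" syntax seen in the two objects.C excerpts above, used to list the attributes the working definition carries that the non-working one lacks. The grammar is inferred only from those excerpts, the excerpts are re-wrapped onto fewer lines, and all function names are hypothetical.

```python
import re

# Excerpts copied from the post (whitespace re-wrapped; the parser ignores layout).
WORKING = """:netobjadtr ( : (secur
 :color (black) :type (machines_range) :comments ()
 :ipaddr_first (193.210.193.213) :ipaddr_last (193.210.193.215)
 :add_adtr_rule (false) :netobj_adtr_method (adtr_static)
 :the_firewalling_obj ( :type (refobj) :refname ("#_All") )
 :ip_pool_securemote (false) ) )"""
BROKEN = """:netobjadtr ( : (Pool-Nat-for-securemote
 :color (black) :type (machines_range) :comments ()
 :ipaddr_first (193.210.193.213) :ipaddr_last (193.210.193.215) ) )"""

TOKEN = re.compile(r'\(|\)|[^()\s]+')

def parse(text):
    """Parse ':key (value-or-nested-entries)' text into nested nodes."""
    tokens, pos = TOKEN.findall(text), 0

    def body():
        nonlocal pos
        node = {"value": None, "attrs": {}}
        while pos < len(tokens) and tokens[pos] != ")":
            tok = tokens[pos]
            if tok.startswith(":") and tokens[pos + 1:pos + 2] == ["("]:
                pos += 2                      # consume ':key' and '('
                node["attrs"][tok[1:]] = body()
                if pos >= len(tokens):
                    raise ValueError("missing ')' for " + tok)
                pos += 1                      # consume ')'
            elif tok == "(":
                raise ValueError("'(' without a preceding :key")
            else:
                node["value"] = tok           # bare value or object name
                pos += 1
        return node

    root = body()
    if pos != len(tokens):
        raise ValueError("unbalanced ')'")
    return root

def attr_paths(node, prefix=""):
    """Flatten a node into {'a.b': value} so nested attributes can be compared."""
    out = {}
    for key, child in node["attrs"].items():
        out[prefix + key] = child["value"]
        out.update(attr_paths(child, prefix + key + "."))
    return out

def missing_attrs(reference, candidate):
    """Attributes present in the reference pool object but absent in the candidate."""
    ref, cand = (attr_paths(parse(t)["attrs"]["netobjadtr"]["attrs"][""])
                 for t in (reference, candidate))
    return {k: v for k, v in ref.items() if k not in cand}
```

Calling missing_attrs(WORKING, BROKEN) returns the six attribute paths that appear only in the NT definition, including the nested the_firewalling_obj entries.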