"We were discussing the NAT to the SmartCenter setting. Did you change
that setting?"
This option does NOT exist, to my knowledge for Provider-1. For CMA,
yes, but not for Provider-1 itself.
Hugo van der Kooij <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cisco4ng
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cisco4ng wrote:
> 1. Already did. I only see the MDG client host 10.1.1.140 sending reset.
>
> 2. NAT setting? NAT on cisco is easy. You don't have to be a rocket
> scientist to figure it out. As I've said before, it did NOT work with static
> N
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cisco4ng <[EMAIL PROTECTED]> wrote:
>
> this file you suggested contained no important information:
Maybe not, but it was still a good idea to look there.
- --
David DeSimone == Network Admin == [EMAIL PROTECTED]
"This email message is intended for
this file you suggested contained no important information:
[EMAIL PROTECTED] root]# more $MDSDIR/log/fwui.log
Tue Nov 6 07:09:57 2007 cpmidu_update_tool [EMAIL PROTECTED]: Database Lock
acquired
Tue Nov 6 07:10:04 2007 line-editor [EMAIL PROTECTED]: Logging in
Tue Nov 6 07:10:20 2007 lin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cisco4ng <[EMAIL PROTECTED]> wrote:
>
> This is what I am seeing in the $MDSDIR/conf/mdsdb/cp-gui-clients.C
> As you can see in my Provider-1 configuration, it accepts ANY hosts.
I had suggested that you look at the log. You can find it at
$MDSDIR/
d the MDG client software to
NGx R65 ?
Best regards,
PB
De: Mailing list for discussion of Firewall-1 em nome de cisco4ng
Enviada: qua 14-11-2007 14:53
Para: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Assunto: Re: [FW-1] Provider-1 and NAT
I am absolutely p
Assunto: Re: [FW-1] Provider-1 and NAT
I am absolutely positive that the P-1 uses a single 18190 port, as seen
below from my tcpdump on the Provider-1 box where host 10.1.1.140
is the WinXP with MDG client:
[EMAIL PROTECTED] tcpdump -i eth1 -nn -n host 10.1.1.140
tcpdump: listening on eth1
09:41
1. Already did. I only see the MDG client host 10.1.1.140 sending reset.
2. NAT setting? NAT on cisco is easy. You don't have to be a rocket
scientist to figure it out. As I've said before, it did NOT work with static
NAT either.
3. Already did. Did NOT solve anything.
4. Already did.
I've posted several emails after that. As far as the check box is
concerns, it only applies to CMA, not Provider-1. There is
no check box for Provider-1. I swapped out the router and replace
it with a Juniper firewall and I still have the same issue, even
with static NAT. THERE WAS NO SUCH ISSU
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cisco4ng wrote:
> This tcpdump is taken from an P-1 NG AI R55 and it is working.
> In other words, the MDG client, host 10.1.1.140, never send
> any reset. Therefore, the only logical conclusion I can come up
> with is that Checkpoint broke this in N
This tcpdump is taken from an P-1 NG AI R55 and it is working.
In other words, the MDG client, host 10.1.1.140, never send
any reset. Therefore, the only logical conclusion I can come up
with is that Checkpoint broke this in NGx. See below:
[EMAIL PROTECTED] tcpdump -i eth0 -nn -n host 10.1.1.1
This is what I am seeing in the $MDSDIR/conf/mdsdb/cp-gui-clients.C
[EMAIL PROTECTED] more cp-gui-clients.C
(
:version (6.08)
: (AnyHost
:AdminInfo (
:chkpf_uid ("{5CF25FE6-80B1-11DC-AE7A-0AFA61092323}")
:ClassName (pv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cisco4ng wrote:
> [EMAIL PROTECTED] tcpdump -i eth1 -nn -n host 10.1.1.140
> tcpdump: listening on eth1
> 09:41:09.320478 10.1.1.140.1691 > 10.250.97.9.18190: S
> 1398211834:1398211834(0) win 65535 (DF)
> 09:41:09.320577 10.250.97.9.18190 > 10.1.1.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cisco4ng wrote:
> Hugo,
>
> The option you referred to is available since version R55. Under the CMA
> NAT, there is a box that you check to tell that this is your management
> traffics. What you said is entirely accurate but ONLY IF the firewall
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cisco4ng <[EMAIL PROTECTED]> wrote:
>
> as you can see the in the tcpdump, host MDG 10.1.1.140 is the one
> actually sent the Reset.
>
> Anymore ideas? Thanks.
In my experience, MDG sends TCP reset when the GUI client is
unrecognized. I know you sa
ED]> wrote: Are you sure that port 18190 still the
only to be used in such communication ?
Could you run a tcpdump on the MDG client side ?
Regards,
PB
De: Mailing list for discussion of Firewall-1 em nome de Hugo van der Kooij
Enviada: ter 13-11-2007 22:4
Hugo,
The option you referred to is available since version R55. Under the CMA
NAT, there is a box that you check to tell that this is your management
traffics. What you said is entirely accurate but ONLY IF the firewall
in front of the CMA is a checkpoint firewall. The NAT device I have
in fr
-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Assunto: Re: [FW-1] Provider-1 and NAT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cisco4ng wrote:
> Hi all,
>
> I have question regarding Provider-1 and NAT.
>
> I have provider-1 NG with AI R55 with HFA_20 running on Linux.
> The IP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cisco4ng wrote:
> Hi all,
>
> I have question regarding Provider-1 and NAT.
>
> I have provider-1 NG with AI R55 with HFA_20 running on Linux.
> The IP address of the P-1 is 192.168.1.1/24. The P-1 sits behind
> a Cisco router and the router has pri
Hi all,
I have question regarding Provider-1 and NAT.
I have provider-1 NG with AI R55 with HFA_20 running on Linux.
The IP address of the P-1 is 192.168.1.1/24. The P-1 sits behind
a Cisco router and the router has private ip address of
192.168.1.254/24. The router also has a public ip addres
20 matches
Mail list logo