One thing to check is whether arp is working or not. Unlike the pix, the
checkpoint will not answer to arps just because you setup a nat with an ip
address. You may have to manual configure the proxy arp on your checkpoint.
This may or may not be the problem depending on your topology, but you can rule
this out by checking the arp cache of your next-hop external router.
-----Original Message-----
From: Reinhard Stich [mailto:r.stich AT INTERNET-SECURITY DOT AT]
Sent: Monday, June 30, 2003 12:09 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] AW: [FW-1] CP NG FP3 cant work with 2 different ip
address ranges...
hi,
is 148.x.x.x your internal network?
did you enable NAT?
cheers
reinhard
-----Ursprüngliche Nachricht-----
Von: Horacio Paredes [mailto:hp_nava AT YAHOO.COM DOT MX]
Gesendet: Mo 30.06.2003 18:45
An: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Cc:
Betreff: [FW-1] CP NG FP3 cant work with 2 different ip address
ranges...
Hi everybody!!
I tried to migrate a PIX to CP NG FP3 in recent days
but I had to recover the PIX, because when I
configured CP FW-1 with a IP address on the outside
interface (i.e. 200.x.x.x) and all the NAT´s are using
the range of 148.x.x.x. All services (148.x.x.x) are
not seen from internet only the addresses 200.x.x.x.
The CISCO Pix is working fine with this scheme.
What do you think is the problem with this???
Regards,
Horacio
Security Engineer
_________________________________________________________
Do You Yahoo!?
La mejor conexión a internet y 25MB extra a tu correo por $100 al mes.
http://net.yahoo.com.mx
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
Disclaimer - 06/30/2003
This information in this email is confidential and may be legally privileged.
It is intended solely for Mailing list for discussion of Firewall-1. Access to
this Internet email by anyone else is unauthorized.
EnvestnetPMC, Inc. does not accept time-sensitive transactional messages,
including orders to buy and sell securities, account allocation instructions,
or any other instructions affecting a client account, via e-mail.
If you are not the intended recipient of this email, any disclosure, copying,
or distribution of it is prohibited and may be unlawful. If you have received
this email in error, please notify the sender and immediately and permanently
delete it and destroy any copies of it that were printed out. When addressed
to our clients, any opinions or advice contained in this email is subject to
the terms and conditions expressed in any applicable governing EnvestnetPMC
terms of business or agreements.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
