Firewall-1

Subject: Re: [FW-1] [SPAMSCORE] (medium): [FW-1] AW: [FW-1] CP NG FP3 cant work with 2 different ip address ranges...
From: Bill Husler <BHusler AT PACBELL DOT NET>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 30 Jun 2003 12:00:45 -0700

If what you mean is that you intend to use 148.x.x.x as the public
address of your advertised services and that the servers themselves are
addressed in some other range (hence the need for NAT), and assuming
that you have NAT in place, you also need to take care of layer two
(ARP). You can either put a static route on the router just outside
your firewall for 148.x.x.x with a gateway or next hop of your firewall
interface (200.x.x.x), so the router will know to ARP for the firewall's
IP whenever there is a 148.x.x.x address, or tell the firewall to Proxy
ARP for each 148.x.x.x address you want directed through it. If you
choose Proxy ARP, you have the choice of either setting it up manually
using the OS utilities or using the Checkpoint global parameter for
automatic proxy ARP - last I heard, FP3 was having some issues with
this feature. If the entire 148.x.x.x network is allocated for
translated addresses, I would suggest that the static route is probably
the simplest approach and will probably be the least problematic
(assuming you have control over the external router).

Bill

On Monday, June 30, 2003, at 10:09 AM, Reinhard Stich wrote:

hi,

is 148.x.x.x your internal network?

did you enable NAT?

cheers
reinhard

        -----Original Message-----
        From: Horacio Paredes [mailto:hp_nava AT YAHOO.COM DOT MX]
        Sent: Mon 30.06.2003 18:45
        To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
        Cc:
        Subject: [FW-1] CP NG FP3 cant work with 2 different ip address ranges...



        Hi everybody!!

        I tried to migrate a PIX to CP NG FP3 in recent days
        but I had to recover the PIX, because when I
        configured CP FW-1 with an IP address on the outside
        interface (i.e. 200.x.x.x) and all the NATs are using
        the range of 148.x.x.x, all services (148.x.x.x) are
        not seen from the internet, only the addresses 200.x.x.x.
        The CISCO Pix is working fine with this scheme.

        What do you think is the problem with this???

        Regards,

        Horacio
        Security Engineer



        =================================================
        To set vacation, Out-Of-Office, or away messages,
        send an email to LISTSERV AT amadeus.us.checkpoint DOT com
        in the BODY of the email add:
        set fw-1-mailinglist nomail
        =================================================
        To unsubscribe from this mailing list,
        please see the instructions at
        http://www.checkpoint.com/services/mailing.html
        =================================================
        If you have any questions on how to change your
        subscription options, email
        fw-1-owner AT ts.checkpoint DOT com
        =================================================
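
An added example, not part of the original thread: a small Python helper for the choice discussed in the reply above. It splits a list of NAT addresses into those inside the firewall's external subnet (the upstream router ARPs for these directly, so the firewall has to answer with proxy ARP) and those outside it (the router needs a static route with the firewall's external IP as next hop), and collapses the latter into the fewest routes. The function name and all addresses are assumptions; the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 stand in for the thread's 200.x.x.x and 148.x.x.x.

```python
import ipaddress


def plan_nat_reachability(fw_ext_ip, ext_subnet, nat_addrs):
    """Work out what the upstream router needs for each NAT address.

    fw_ext_ip  -- firewall's external interface address (next hop)
    ext_subnet -- subnet shared by the router and the firewall
    nat_addrs  -- public addresses used in the firewall's NAT rules
    """
    subnet = ipaddress.ip_network(ext_subnet)
    fw = ipaddress.ip_address(fw_ext_ip)
    if fw not in subnet:
        raise ValueError("firewall external IP is not in the external subnet")

    on_link, off_link = set(), set()
    for addr in map(ipaddress.ip_address, nat_addrs):
        if addr == fw:
            continue  # the firewall already answers ARP for its own address
        # On-link: the router ARPs for it, so something must reply (proxy ARP).
        # Off-link: the router has no idea where it lives without a route.
        (on_link if addr in subnet else off_link).add(addr)

    # Merge contiguous off-link addresses into the smallest set of prefixes.
    routes = ipaddress.collapse_addresses(off_link)
    return {
        "proxy_arp": [str(a) for a in sorted(on_link)],
        "static_routes": [(str(net), str(fw)) for net in routes],
    }


# Constructed sample input (not taken from the thread).
SAMPLE_NAT = [
    "198.51.100.8", "198.51.100.9", "198.51.100.10", "198.51.100.11",
    "198.51.100.20",
    "203.0.113.50",
]

if __name__ == "__main__":
    plan = plan_nat_reachability("203.0.113.2", "203.0.113.0/24", SAMPLE_NAT)
    for addr in plan["proxy_arp"]:
        print(f"proxy ARP needed on firewall for {addr}")
    for prefix, next_hop in plan["static_routes"]:
        print(f"router: static route {prefix} via {next_hop}")
```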


