Firewall-1

Re: [FW-1] How to disable split-dns inside encryption dom?

Subject: Re: [FW-1] How to disable split-dns inside encryption dom?
From: Reinhard.Posmyk AT ARXES DOT DE
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 30 Jul 2003 07:58:21 +0200
Philip,

my first guess was to switch "allow_clear_in_enc_domain" to (true),
but this doesn't work correctly. All DNS queries with targets
inside the dnsinfo-covered range are still sent to the specified
DNS server's IP address. The destination MAC address is the one
of the internal (correct) server. So next I tried to revert the
"mac_xlate" to (true). The IP destination is still the same, but
now the target MAC address is the one of the default gateway.

> If a network uses different internal DNS servers for local
> and remote clients, is it possible to disable split DNS with
> SR, when the client is inside the encryption domain? Sorry,
> no Secure Client license, so only transparent mode is possible.

Edit the userc.c file so that "allow_clear_in_enc_domain" is true and not
false.

--Philip

--
Philip Colmer, MBCS CEng CCSE           Tel: 01223 271223
I.T. Manager                            Fax: 01223 215513
ProQuest Information & Learning
The Quorum, Barnwell Road, Cambridge, CB5 8SW

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
