Davis, Daniel wrote:
It's not a NAT transversal issue. The problem is that the firewall is not
Hide NAT'ing the ESP packets. So, the packets are leaving with 10.x.x.x
addresses rather than the public address.
And, yes, the Netscreen does have NAT transversal capabilities... but they
are enabled on the Netscreen gateway and not the client.
It is impossible to NAT ESP in the general case. FW-1 will not NAT ESP.
--
Crist J. Clark crist.clark AT globalstar DOT com
Globalstar Communications (408) 933-4387
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
