Firewall-1

Subject: Re: [FW-1] VPN client through FW-1 NG AI R55
From: Crist Clark <crist.clark AT GLOBALSTAR DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 3 Nov 2004 10:02:12 -0800
Steven S. wrote:
Strange thing about that.  When using a NAT hide rule FW-1 did not NAT the
ESP packets.  I saw private addresses exiting the external interface,
un-NAT'd.  Even though the UDP/500 packets _were_ NAT'd.

I believe FW-1 only knows how to NAT TCP, UDP, and ICMP.

This list has many times gone through why it is impossible to
do NAT on ESP in the general case. You cannot do many-to-one.

Nicola Nicoletti wrote:

Hi
You could use hide nat rules on FW1
--
Crist J. Clark                               crist.clark AT globalstar DOT com
Globalstar Communications                                (408) 933-4387
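
The behaviour discussed in this thread, as an added example that is not part of any poster's message or of Check Point's code: a toy hide-NAT table showing why UDP/500 can be translated many-to-one while ESP cannot. The `HideNat` class, its method names and all addresses are constructed for illustration.

```python
# Added illustration: hide (many-to-one) NAT needs a per-flow field it can
# rewrite and later match on. UDP has ports; ESP (IP protocol 50) does not.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"   # constructed address (documentation range)

@dataclass
class HideNat:                                    # hypothetical model, not FW-1 code
    next_port: int = 10000
    udp_map: dict = field(default_factory=dict)   # public port -> inside (ip, port)
    esp_map: dict = field(default_factory=dict)   # remote peer ip -> inside ips

    def out_udp(self, src_ip, src_port, dst_ip):
        """Outbound UDP: rewrite the source to PUBLIC_IP and a unique port."""
        port = self.next_port
        self.next_port += 1
        self.udp_map[port] = (src_ip, src_port)
        return (PUBLIC_IP, port, dst_ip)

    def in_udp(self, dst_port):
        """A reply to PUBLIC_IP:dst_port maps back to exactly one inside host."""
        return self.udp_map.get(dst_port)

    def out_esp(self, src_ip, dst_ip):
        """Outbound ESP: no ports, so only the source address can be rewritten."""
        self.esp_map.setdefault(dst_ip, set()).add(src_ip)
        return (PUBLIC_IP, dst_ip)

    def in_esp(self, peer_ip, spi):
        """Inbound ESP: the SPI was chosen by the inside host and sent inside
        encrypted IKE, so the NAT never saw it and cannot use it as a key.
        The only usable key is the peer address, which is not unique."""
        candidates = self.esp_map.get(peer_ip, set())
        return next(iter(candidates)) if len(candidates) == 1 else None

def demo():
    nat, gw = HideNat(), "198.51.100.7"           # constructed VPN gateway
    a = nat.out_udp("10.0.0.5", 500, gw)          # IKE from client 1
    b = nat.out_udp("10.0.0.6", 500, gw)          # IKE from client 2
    nat.out_esp("10.0.0.5", gw)
    one_client = nat.in_esp(gw, spi=0x1111)       # one inside client: resolvable
    nat.out_esp("10.0.0.6", gw)
    two_clients = nat.in_esp(gw, spi=0x1111)      # two clients: ambiguous
    return nat.in_udp(a[1]), nat.in_udp(b[1]), one_client, two_clients

if __name__ == "__main__":
    print(demo())
```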
