Sorry, host config in 192.168.103.0/24 is like that (in french!) :
Adresse physique . . . . . . . . .: 00-0D-9D-4A-CB-1B
DHCP activé. . . . . . . . . . . : Oui
Configuration automatique activée . . . . : Oui
Adresse IP. . . . . . . . . . . . : 192.168.103.141
Masque de sous-réseau . . . . . . : 255.255.255.0
Passerelle par défaut . . . . . . : 192.168.103.51
Serveur DHCP. . . . . . . . . . . : 192.168.103.14
Serveurs DNS . . . . . . . . . . : 192.168.103.14
192.168.103.18
194.2.0.20
Serveur WINS principal. . . . . . : 192.168.103.14
Serveur WINS secondaire . . . . . : 192.168.103.3
Bail obtenu . . . . . . . . . . . : mercredi 26 octobre 2005 08:07:35
Bail expirant . . . . . . . . . . : mardi 1 novembre 2005 08:07:35
Cdt,
jc
-----Message d'origine-----
De : FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] De la part de
thomas.seher AT DEKRA DOT COM
Envoyé : mercredi 26 octobre 2005 10:21
À : FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Objet : Re: [FW-1] Routing or Nat issues
Hi Jean-Christophe,
looks like you have a routing problem, we see the same whenever we have
asymetric routing around the firewalls. In normal routing you can set this
behaviour where the response packets take different routes, that doesn't
work with a fw1 in the routing path. Which ist your default gateway on the
host in the 192.168.103.0/24 network? Looks like it is the 192.168.103.51.
Set it to your router 192.168.103.52 and on that set the default gateway
to your firewall.
When you initiate your terminal server session from 192.168.43.94 to
192.168.103.6, the syn packet goes to the router and then from the
interface 192.168.103.52 directly to the host 192.168.103.6. which sends
the syn-ack packet to the firewall 192.168.103.51. Now the fw1 finds a new
connection from 192.168.103.6 to 192.168.43.94 which doesn't start with a
syn packet and you get the drop and the log entry.
Mit freundlichen Grüßen/Kind
regards/Attentamente
Thomas Seher
------------------------------------------------
DEKRA AG
* Abt.: HE22
*
Tel.: ++49 711 7861 2600 * Fax: ++49 711 7861
2241
thomas.seher AT dekra DOT com * http://www.dekra.com
------------------------------------------------
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
