'RE: [FW1] External to Internal NAT'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewall-1
Subject:    RE: [FW1] External to Internal NAT
From:       Erik Skoog <eskoog () passkey ! com>
Date:       2000-07-31 14:24:26
[Download RAW message or body]


Thanks so much

-----Original Message-----
From: Thomas.Poole@gecits.ge.com [mailto:Thomas.Poole@gecits.ge.com]
Sent: Monday, July 31, 2000 10:24 AM
To: eskoog@passkey.com
Cc: fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] External to Internal NAT 


1) Create object using external address with static NAT selected
2) Put a 1:1 route entry on the gateway -ie, route add -p 209.1.1.1
172.10.1.1
3) Make sure you either have proxy arping on the firewall (arp on Unix,
local.arp on NT) or put a static route on your internet router so the return
packet destined for 209.1.1.1 knows to go to the firewall.
4) Use the object you created in a rule, allowing whatever traffic you want.

Thomas Poole

-----Original Message-----
From: Erik Skoog [mailto:eskoog@passkey.com]
Sent: Monday, July 31, 2000 9:54 AM
To: Firewall-1 Mailing List
Subject: [FW1] External to Internal NAT 



I am in the process of trying to get an external to internal NAT working.  
 
Here is the scenario:  I am VPNing to a foreign Firewall using FWZ.  The
address I am entering the firewall with is 209.x.y.z. (209.x.y.0 is also the
IP address range of my Firewall and encryption domain)  Once inside the
foreign Firewall I need to pick up a 172.x.y.z address.
 
Here is the question:  How do I get this to work?  Is it as simple as
creating a network object on the foreign Firewall with the IP address of
209.x.y.z and selecting static NAT, ip address 172.x.y.z?  I wouldn't think
so, but maybe.
 
 
Any Ideas?
 
Erik Skoog



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic