Firewalls: RE: NAT(SRC & DST) Accross WAN

Firewalls
(June 1997)

Indexed By Thread: [Previous] [Next]

Subject:	RE: NAT(SRC & DST) Accross WAN
From:	ö PaLaN ö <palan @ dataprep . com . my>
Date:	Thu, 26 Jun 1997 08:41:02 -0800
To:	Russ <Russ . Cooper @ RC . on . ca>
Cc:	firewalls @ greatcircle . com

At 03:29 PM 6/25/97 -0400, you wrote:
>Does your router environment support host routes? BGP4?
>


Russ,

Yes, I'm using Bay Routers and running OSPF. According to Chekpoint's
support provider, it should work but when I tried it doesn't work at all..I
can add the arp entry but not the route entry. It tells me, the network is
unreachable. 

Russ, maybe you can hilite to me few things. Once I have define the
"fwxlconf" for the remote NT to have valid translated IP, then I should add
the arp entry rite ? Ok, once the arp entry is done, can I suppose I can
ping the valid IP, am I rite or I need the route to be there ?? 

Thanks for your help....


Rgds,
PaLaN

>
>----------
>From: 	ö PaLaN ö[SMTP:palan @
 dataprep .
 com .
 my]
>Sent: 	Wednesday, June 25, 1997 12:21 PM
>To: 	firewalls @
 greatcircle .
 com
>
>Howdy,
>
>I have a quick question for those who implemented Firewall-1 by
>Checkpoint
>on a big/huge network. Well, here is the situation :
>
>O I have FW-1 ver 2.0 running on sparc 20 with two interfaces (valid-ip
>and
>private-ip).
>O My FW-1 is doing NAT for say class A network and located in HQ.
>O My HQ has 2MB pipe to ISP.
>O All the remote sites are connected to HQ via Frame Relay cloud.
>O All servers and PCs and other equipment excepts for FW-1 is running on
>private IP.
>O There is one NT server at each remote sites running SMTP connecting to
>HW NT.
>O HQ NT has been used to deal direct to Internet for SMTP by running SRC
>&
>DST NAT on FW-1.
>
>Ok, the above works fine, no problem. My objective now is to off-load
>the HW
>NT. I don't want a centralized SMTP server, so I propose every remote NT
>do
>deal with Internet directly for SMTP.
>
>To accomplish this I need to do SRC & DST NAT for all remote NT on my
>FW-1.
>Can the FW-1 do SRC & DST NAT accros WAN for a specfic host ?? This is
>what
>I need to know...if you have any suggestions pls advise me.
>
>Thanks for your advices....
>
>rgds,
>PaLaN
>Network Sec²rity Engineer
>West Malaysia.
>
>" Hey, here is my key ... lets exchange packets now !! "
>
>
Network Sec²rity Engineer
West Malaysia.

" Hey, here is my key ... lets exchange packets now !! "

Indexed By Date	Previous:	Re: Definition of security expert From: "Jan Zeilinga" <j . zeilinga @ abm . com . au>
Indexed By Date	Next:	Re: Pulling out Checkpoint-1 firewalls From: Vin McLellan <vin @ shore . net>
Indexed By Thread	Previous:	RE: Raptor 4.0 on NT 4.0 Disaster recovery procedure From: Pedro Salgueiro <psalgueiro @ windy . europe . dg . com>
Indexed By Thread	Next:	Are there any NFS clients to mount filesystem on UNIX? From: "Cai Xuewu" <xwcai @ shcei . co . cn>