If you aren't receiving any packets for the virtual IP then this looks more of a
routing problem. Does the client know how to get to the virtual address, this
needs to be advertised?

Hope this helps

Marcus

______________________________ Reply Separator _________________________________
Subject: RE: Checkpoint and Citrix - NAT problem
Author:  FKnobbe ([EMAIL PROTECTED]) at unix,mime
Date:    08/10/99 8:06


     
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
> Sent: Wednesday, October 06, 1999 6:43 PM
> 
> I have implemented this on our checkpoint firewall, it's doing NAT as
> well, no issues.
     
     
Howdy,
     
I have a similar issue with NAT and Citrix (although I don't think 
Citrix is the culprit). Firewall-1 (v4 NT) has been configured 
according to the documents on Phoneboy's website. Rule for 
Citrixbox_realIP to any using any, and any to Citrixbox_natIP using 
ICA protocol. Object for Citrixbox_realIP is set up with static NAT 
and there is an entry in the local.arp file for the NAT'ed IP address 
with external I/F MAC address. A route for that virtual IP has been 
added, I even added a static ARP entry per hand. It still does not 
work.
     
Everything looks alright, but the FW does not receive any packets for 
that IP address (neither drop nor accept). I have not hooked up a 
sniffer yet since I first wanted to verify the configuration. 
     
Any recommendations or other pointers besides Phoneboy's and 
Checkpoint's documents are welcome.
     
Regards,
Frank
     
     
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with 
"unsubscribe firewalls" in the body of the message.]

