That is normal behaviour in FW-1.

You should try to reduce MTU of the client. Another reason might be
routing but I doubt it.

Server end is probably filtering ICMP as someone said earlier.

rgds,
Harri


-----Original Message-----
From: ext Laura Folden [mailto:[EMAIL PROTECTED]]
Sent: 08 January, 2002 23:34
To: [EMAIL PROTECTED]
Subject: RE: IP Issues


Regarding the issue with being unable to connect to a particular IP
address, thank you all for your help. The tracert is still jumping
around and we remain unable to connect.

The tech support at the host site tell me that "The reason for the
repetition of the 205.229.56.205 address in the traceroute is due to the
way NAT translation occurs within Checkpoint.  The first instance of
205.229.56.205 is the firewall, and the subsequent lines showing
205.229.56.205 are the internal hops that it takes to reach the server.
This is normal behavior because the firewall translates the entire
internal route. There was a problem earlier today with an extra
recursive hop in the routing.  That issue was shown in that prior to
hitting the 205.229.56.205 address the traceroute would jump from
192.216.122.218 to 192.216.122.217.  That issue has been resolved.
There is nothing blocking this in our firewall rules."

Does anyone know if this is truly a problem with Checkpoint NAT
translation?

Tracert follows.
Thanks!

Laura Folden
PC/Network Administrator
The HSUS

traceroute.exe to 205.229.56.205 (205.229.56.205), 30 hops max, 38 byte
packets
 1  router.redhat.com (199.183.24.225) [AS2551] [EMAIL PROTECTED]  527.937
ms  899.604 ms  789.677 ms
 2  Loopback0.GW3.RDU1.ALTER.NET (137.39.5.13) [AS701]
[EMAIL PROTECTED]  419.798 ms  409.641 ms  309.695 ms
 3  178.at-0-1-0.XR1.TCO1.ALTER.NET (146.188.162.30) [AS702]
[EMAIL PROTECTED]  319.567 ms  290.405 ms  308.076 ms
 4  193.at-1-0-0.TR1.DCA8.ALTER.NET (152.63.32.190) [AS701]
[EMAIL PROTECTED]  449.631 ms  425.622 ms  309.123 ms
 5  115.at-6-0-0.TR1.NYC8.ALTER.NET (146.188.141.186) [AS702]
[EMAIL PROTECTED]  619.619 ms  278.697 ms  439.790 ms
 6  185.at-1-0-0.XR1.NYC8.ALTER.NET (152.63.19.185) [AS701]
[EMAIL PROTECTED]  370.304 ms  369.406 ms  399.923 ms
 7  183.ATM6-0.GW1.NYC8.ALTER.NET (152.63.18.137) [AS701]
[EMAIL PROTECTED]  321.384 ms  397.120 ms  509.644 ms
 8  circle-gw.customer.alter.net (157.130.49.6) [AS701]
[EMAIL PROTECTED]  479.667 ms  469.615 ms  169.760 ms
 9  192.216.122.214 (192.216.122.214) [AS7018] [EMAIL PROTECTED]
649.663 ms  537.845 ms  429.701 ms
10  205.229.56.205 (205.229.56.205) [AS701] [EMAIL PROTECTED]
259.663 ms  478.546 ms  331.390 ms
11  * 205.229.56.205 (205.229.56.205) [AS701] [EMAIL PROTECTED]
179.905 ms *
12  205.229.56.205 (205.229.56.205) [AS701] [EMAIL PROTECTED]
229.720 ms  338.870 ms  299.368 ms
13  205.229.56.205 (205.229.56.205) [AS701] [EMAIL PROTECTED]
369.595 ms  618.804 ms  339.539 ms
14  205.229.56.205 (205.229.56.205) [AS701] [EMAIL PROTECTED]
439.712 ms  188.695 ms  269.725 ms
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
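
As an added example (not part of the original thread), the pattern discussed above can be checked mechanically: the script below parses traceroute output and reports runs of consecutive TTLs answered from one address, which is what the host site attributes to NAT, plus hops with unanswered probes. The sample trace is constructed with documentation-range addresses, and the function names and the one-hop-per-line layout are assumptions of this example.

```python
import re

# Constructed sample in the hop format of the trace above, one hop per line,
# using documentation-range addresses rather than the thread's hosts.
SAMPLE = """\
 8  gw.example.net (198.51.100.6)  479.667 ms  469.615 ms  169.760 ms
 9  192.0.2.214 (192.0.2.214)  649.663 ms  537.845 ms  429.701 ms
10  203.0.113.205 (203.0.113.205)  259.663 ms  478.546 ms  331.390 ms
11  * 203.0.113.205 (203.0.113.205)  179.905 ms *
12  203.0.113.205 (203.0.113.205)  229.720 ms  338.870 ms  299.368 ms
13  203.0.113.205 (203.0.113.205)  369.595 ms  618.804 ms  339.539 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # TTL, then the rest
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # responder in parens
LOST_RE = re.compile(r"(?<!\S)\*(?!\S)")             # a probe with no reply

def parse_hops(text):
    """Return [(ttl, responder_ip_or_None, unanswered_probe_count)]."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or wrapped continuation line
        addr = ADDR_RE.search(m.group(2))
        hops.append((int(m.group(1)),
                     addr.group(1) if addr else None,
                     len(LOST_RE.findall(m.group(2)))))
    return hops

def repeated_responders(hops):
    """Map each address that answered consecutive TTLs to those TTLs."""
    runs = []
    for ttl, ip, _lost in hops:
        if ip and runs and runs[-1][0] == ip:
            runs[-1][1].append(ttl)   # same responder as the previous hop
        else:
            runs.append((ip, [ttl]))
    return {ip: ttls for ip, ttls in runs if ip and len(ttls) > 1}

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    for ip, ttls in repeated_responders(hops).items():
        print(f"{ip} answered TTLs {ttls[0]}-{ttls[-1]} ({len(ttls)} hops)")
    for ttl, ip, lost in hops:
        if lost:
            print(f"hop {ttl}: {lost} probe(s) unanswered")
```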
