a couple of things: if the internal machine that you're trying to set up a static NAT rule for is also included in a subnet that currently has a dynamic rule set up for it, be sure that you bump the static rule above the dynamic NAT rules. also, you need to be sure that in the static NAT rule you are specifying a 32 bit netmask for the internal client address as well as for the global address.
if that still doesn't do it post a snip of the message log from when the communication fails. also, of course, be sure that whatever type of traffic you're testing with is permitted in your untrusted policy. -Z ----- Original Message ----- From: "Andrew Thomas" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 05, 2002 10:42 AM Subject: Gauntlet NAT issues > Hi, > > We are running Gauntlet 5.5 on Win NT 4.0 SP5+hotfixes coming out of > our ears. I am at present having issues setting up static NAT. > > Dynamic NAT runs 100%. The static rule we are using is local IP: > 192.168.x.151, global IP: x.x.x.105, with the global interface set to > external (untrusted). > > The .105 IP address is bound to correct card. I can ping the IP from a > remote (Internet side) machine, but when I try to connect to e.g. mail > service via telnet, it times out (ie no connection refused). > > If anyone can give any pointers on how to do further trouble shooting > on this, please let me know. > > Take care, > Andrew Thomas > -- > Andrew Thomas > _______________________________________________________________ > http://www.webmail.co.za the South-African free email service > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
