hmm... friends don't let friends troubleshoot after a bunch of cocktails. i read your description totally wrong.
> The router between the ISP and FW-1 simply has one static route in it > sending all Internet traffic destined for xxx.xxx.10.x to xxx.xxx.10.1 that doesn't make sense... your border router should have a default route that points to your isp. your firwall should have a default that points to your router. since your router and the external interface of your fw are on the same connected network there should not need to be any statics that point the fw and the router to each other. the only case where this may not apply i if your fw does not handle proxy arp well for natted hosts. then you will need host routes for those natted hsots to point to the fw external ip. also, unrelated, can people stop hijacking threads, please. k thnx. -r On Wed, Sep 14, 2005 at 08:03:14AM -0400, Ray said at one point in time: > Sorry, I wasn't clear on this. The enforcement module is sending the ICMP > packets to the 10.254 router for whatever reason. The 10.254 router is the > next hop router for the enforcement module. The router has a single > Ethernet interface to the enforcement mocule and serial interfaces for the > T-1 lines carrying the Internet traffic. > > Ray > > >From: ravi pina <[EMAIL PROTECTED]> > >Reply-To: Mailing list for discussion of Firewall-1 > ><[email protected]> > >To: [email protected] > >Subject: Re: [FW-1] Question on the proper external IP address subnet mask > >Date: Wed, 14 Sep 2005 00:09:45 -0400 > > > >sounds like its a (cisco term) ip unnumbered interface. > >probably frame relay, i suspect. > > > >why would the firewall see packets with a destination > >of your router? > > > >all that subnetting is a lot of work it seems. > > > >try taking a device (e.g. laptop) and giving it an ip > >in the same external subnet with a gateway of the .1. > >if things route correctly then .1 should likely be > >your desired gateway and not .254. > > > >-r > > > > -- +++ATH 7MN; {{{ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
