Hello
I'm sitting in front of a very strange problem. There are
two Ciscos connected to my firewall. Let's say c1 and c2.
They are talking to each other over a GRE tunnel (ip_p 47).
Everything works well if c1 is sending to c2. The problem
is as follows: the packets from c2 to c1 are NATted (they
hide behind the external IF of the firewall). There is
surely no rule that enforces this.
Some tech. details:
FW-1 Build 41716 [VPN + DES + STRONG] running on Solaris 7
default route points to qfe0
c1 can be reached over qfe0
c2 is connected to qfe1
If I snoop on qfe1, the (incoming) packets have the right
SRC and DST. If I snoop on qfe0 (outgoing), the packets have
the right DST, but SRC is set to the address of the firewall
interface qfe0.
What can I do about this?
--
Hans-Joachim Hoetger voice: +49-5241-80-88990
mediaWays GmbH NMW-T1 (Technologie)
"The rise of Linux as a challenger to Microsoft is also a
good thing." Angela Merkel (Die Zeit, May 4, 2000)