All, I have an interesting issue with NAT-ing an entire subnet. Setup is as follows:
-----192.168.224.0/24, 172.20.208.0/22----_FW_---------_FW_-----172.20.0.0/16----

A VPN is running between the two firewalls.

Now, the problem is that the 172.20 network does not allow external private range IP addresses on their network, so I need to NAT 192.168.224.0 to 172.20.232.0 in order to allow this subnet on the 172 network. I added the following rule:

192.168.224.0 (source) 172.20.0.0 (destination) any 172.20.232.0 (static) original any

I can reach addresses on the other side now; however, the 172 network cannot reach my subnet. I tried adding the following rule:

172.20.0.0 (source) 172.20.232.0 (destination) any original 192.168.224.0 (static) any

That didn't work.... I tried some other rules, but I still cannot get it to work both ways, only one way. The idea is to translate the 172.20.232.0 subnet back to 192.168.224.0. I manage both firewalls, so I can make all the necessary changes myself...

Anyone have any ideas??

Kind Regards,
Erik Christiaans
