Perhaps I misunderstood your issue. I have several remote networks tied together via tunnels and encryption (effectively a VPN).
To get the systems talking to each other, I used routes (common). The routes I used were:

1XX.XXX.XXX.0 -> 2xx.xxx.xxx.3
3XX.XXX.XXX.0 -> 2xx.xxx.xxx.3

Where 1xx, 2xx, and 3xx are the nat'd address classes; with .3 the gateway (separate, secured I-net connection).

Is this at all what you are referring to?

Danny H. Cox
Yield Dynamics, Inc.
(408) 764-9822

-----Original Message-----
From: denon [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 24, 2002 8:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [gb-users] GB 1000, 3.2.5 and double-nat

Routing where? The nat'd subnet can't have custom routes, they're just dhcp-assigned IPs. Routing on the Gnatbox? Shouldn't GB already be doing this? If so, what route would you recommend? Pointing the internal subnet to the protected interface with the public IP?

At 08:39 AM 7/24/2002 -0700, you wrote:
>Try routing.
>
>I had a similar problem early on and adding routes resolved it.
>
>Danny H. Cox
>Yield Dynamics, Inc.
>(408) 764-9822
>
>-----Original Message-----
>From: denon [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, July 24, 2002 1:55 AM
>To: [EMAIL PROTECTED]
>Subject: [gb-users] GB 1000, 3.2.5 and double-nat
>
>We recently updated a GB 3.2.5 and made a few changes to its
>filters/etc. After doing so, users on a natted internal subnet can no
>longer hit external subnets via tcp which are on the GB (being passed
>through with IP Passthrough). This worked fine before the upgrade.
>
>Basically, what's happening, is the traffic should be going like so:
>
>Workstation-Internal Subnet -> Gnatbox (NAT) ->
>   Same GB (IP Pass (external IP)) ->
>   Server-External Subnet
>
>It makes the request, seemingly making the tcp connection, but then
>hangs. ICMP and UDP work fine.
>
>An example, if I telnet to port 25 on one of the external subnet mail
>servers, it will open the telnet window and hang. I pass it a couple
>carriage returns, and nothing happens. No banner - nothing. It will
>eventually say the connection was lost to the host.
>
>The logs, surprisingly, don't seem to be showing anything but a standard
>connection opening and closing. No errors that I see.
>
>Anyone else having stuff like this? I've tried adding "ACCEPT ANY ALL
>from ANY to ANY" filters to the top of all the lists. (outbound, remote
>access, IP Passthrough Filters, etc) to no avail.
>
>Suggestions? Bug Report? :)
>
>
>Thanks.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>To subscribe to the digest version first unsubscribe, then
>   e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>Archive of the last 1000 messages:
>   http://www.mail-archive.com/[email protected]
