I guess I still don't follow why I would need static routes.  Both the 
external subnet and NAT'd internal subnet should have access to the outside 
world and each other via the default gateways.

I can definitely set up another test scenario and give adding the routes a 
shot, though.  I just don't understand why it would need them.  Perhaps I'm 
overlooking the obvious, though.


At 09:01 AM 7/24/2002 -0700, you wrote:
>Perhaps I misunderstood your issue.
>
>I have several remote networks tied together via tunnels and encryption
>(effectively a VPN).
>
>To get the systems talking to each other, I used routes (common).
>
>The Routes I used were:
>
>1XX.XXX.XXX.0 -> 2xx.xxx.xxx.3
>3XX.XXX.XXX.0 -> 2xx.xxx.xxx.3
>
>Where 1xx, 2xx, and 3xx are the nat'd address classes; with .3 the
>gateway (separate, secured I-net connection).
>
>Is this at all what you are referring to?
>
>Danny H. Cox
>Yield Dynamics, Inc.
>(408) 764-9822
>
>-----Original Message-----
>From: denon [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, July 24, 2002 8:42 AM
>To: [EMAIL PROTECTED]
>Subject: RE: [gb-users] GB 1000, 3.2.5 and double-nat
>
>Routing where?  The nat'd subnet can't have custom routes, they're just
>dhcp-assigned IPs.  Routing on the Gnatbox? Shouldn't GB already be doing
>this?  If so, what route would you recommend? Pointing the internal subnet
>to the protected interface with the public IP?
>
>
>At 08:39 AM 7/24/2002 -0700, you wrote:
> >Try routing.
> >
> >I had similar problem early on and adding routes resolved it.
> >
> >Danny H. Cox
> >Yield Dynamics, Inc.
> >(408) 764-9822
> >
> >-----Original Message-----
> >From: denon [mailto:[EMAIL PROTECTED]]
> >Sent: Wednesday, July 24, 2002 1:55 AM
> >To: [EMAIL PROTECTED]
> >Subject: [gb-users] GB 1000, 3.2.5 and double-nat
> >
> >We recently updated a GB 3.2.5 and made a few changes to its
> >filters/etc.  After doing so, users on a natted internal subnet can no
> >longer hit external subnets via tcp which are on the GB (being passed
> >through with IP Passthrough).  This worked fine before the upgrade.
> >
> >Basically, what's happening, is the traffic should be going like so:
> >
> >Workstation-Internal Subnet  -> Gnatbox (NAT) ->
> >      Same GB (IP Pass (external IP)) ->
> >          Server-External Subnet
> >
> >It makes the request, seemingly making the tcp connection, but then
> >hangs.  ICMP and UDP work fine.
> >
> >An example, if I telnet to port 25 on one of the external subnet mail
> >servers, it will open the telnet window and hang.  I pass it a couple
> >carriage returns, and nothing happens. No banner - nothing.  It will
> >eventually say the connection was lost to the host.
> >
> >The logs, surprisingly, don't seem to be showing anything but a standard
> >connection opening and closing. No errors that I see.
> >
> >Anyone else having stuff like this?  I've tried adding "ACCEPT ANY ALL from
> >ANY to ANY" filters to the top of all the lists.  (outbound, remote access,
> >IP Passthrough Filters, etc) to no avail.
> >
> >Suggestions? Bug Report? :)
> >
> >
> >Thanks.
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >To subscribe to the digest version first unsubscribe, then
> >  e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >Archive of the last 1000 messages:
> >  http://www.mail-archive.com/[email protected]

