
Checkpoint NAT

Status
Not open for further replies.

awayteam

MIS
Apr 26, 2001
US
I am using CheckPoint Firewall 4.1 (SP1) on a Windows NT 4 (SP6A) PC.

The current network configuration is:

Gateway 192.1.1.1 (CheckPoint Server)
Mask: 255.255.255.0

Workstation IP Range - 192.1.1.50 - 192.1.1.200
(Statically assigned)

The current configuration works fine for all browsing and mail services.

A Borderware server has been installed to provide access to another site. The Borderware server is addressed 192.1.1.2

The subnet for the site we are accessing via the Borderware server is 10.1.x.x

If I add a static route at each workstation to use this new gateway to access the remote site, all is working fine.

What I wanted to know is if there is a way to add a rule at the Checkpoint Firewall to re-direct traffic for the 10.1.x.x network to the 192.1.1.2 gateway?

Cheers
 
You would need to add a static route to the firewall for the new subnet.
You would need to add rules allowing traffic from the two subnets.

You will have problems with out-of-state packets, as all routing isn't via the firewall.

As a working theory (no guarantees it will work):

1. Change your Borderware server to a third subnet (from 192.1.1.2); this will stop direct routing.

2. Remove the static routes from the machines.

3. Add a static route to the firewall for the Borderware's new subnet address.

4. Add rules to the firewall allowing all traffic between 10.1.x.x and 192.1.1.x (both ways).
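
The routing asymmetry behind the out-of-state warning in the reply above, as an added illustration that is not part of the original thread: a small Python model that walks each node's routing table and reports whether the firewall sits on both the outbound and the return path. The 192.1.1.x and 10.1.x.x addresses are from the thread; the 192.1.2.x third subnet, the /16 mask for 10.1.x.x and the remote host 10.1.0.5 are assumptions made for the example.

```python
import ipaddress

def path(nodes, start, dst):
    """Follow routing tables hop by hop from node `start` to IP `dst`."""
    dst_ip = ipaddress.ip_address(dst)
    owner = {ip: name for name, n in nodes.items() for ip in n["ips"]}
    hops, cur = [start], start
    while dst not in nodes[cur]["ips"] and len(hops) < 8:   # hop limit guards loops
        node = nodes[cur]
        if any(dst_ip in ipaddress.ip_network(c) for c in node["connected"]):
            nxt = dst                      # on-link: delivered directly, no router used
        else:
            nets = [ipaddress.ip_network(r) for r in node["routes"]]
            hits = [n for n in nets if dst_ip in n]
            if not hits:
                break                      # no route: packet is dropped here
            nxt = node["routes"][str(max(hits, key=lambda n: n.prefixlen))]
        if nxt not in owner:
            break                          # handed off to the remote site (not modelled)
        cur = owner[nxt]
        hops.append(cur)
    return hops

def build(separate_subnet):
    """192.1.1.x and 10.1.x.x come from the thread; 192.1.2.x and /16 are assumptions."""
    bw_ip = "192.1.2.2" if separate_subnet else "192.1.1.2"
    ws = {"ips": ["192.1.1.50"], "connected": ["192.1.1.0/24"],
          "routes": {"0.0.0.0/0": "192.1.1.1"}}          # default gateway only
    fw = {"ips": ["192.1.1.1"], "connected": ["192.1.1.0/24"],
          "routes": {"10.1.0.0/16": bw_ip}}              # static route on the firewall
    bw = {"ips": [bw_ip], "connected": ["192.1.1.0/24", "10.1.0.0/16"], "routes": {}}
    if separate_subnet:                                   # Borderware on its own firewall leg
        fw["ips"].append("192.1.2.1")
        fw["connected"].append("192.1.2.0/24")
        bw["connected"] = ["192.1.2.0/24", "10.1.0.0/16"]
        bw["routes"] = {"192.1.1.0/24": "192.1.2.1"}
    return {"ws": ws, "fw": fw, "bw": bw}

def firewall_sees_both_directions(nodes):
    out = path(nodes, "ws", "10.1.0.5")        # 10.1.0.5: constructed remote host
    back = path(nodes, "bw", "192.1.1.50")     # reply arriving at the Borderware
    return "fw" in out and "fw" in back

if __name__ == "__main__":
    for sep in (False, True):
        n = build(sep)
        print("separate subnet" if sep else "same subnet",
              path(n, "ws", "10.1.0.5"), path(n, "bw", "192.1.1.50"),
              "stateful OK" if firewall_sees_both_directions(n) else "one-way view")
```

With the Borderware on 192.1.1.2 the reply is delivered on-link to the workstation and never crosses the firewall, so a stateful inspection engine sees only half of each connection.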
 
Hi Piloria,

As far as I know, there's no rule for it.

All you need to do is to add a static route on the firewall gateway to redirect 10.1.x.x.

rgds,

Simon
 
G'day Simon,

I tried adding a static route on the Firewall using the 'route add' command, and while it allowed the Firewall to see the remote network via the new gateway, it did not allow the clients.

Any additional suggestions would be appreciated.

Cheers,
Andrew
 
Hi Andrew,

The problem is mostly routing issues.

Check the gateway at the other end to see if they have a route pointing back to your client's network.

Rgds,

Simon
 
Hi...If you route the external IP to the internal 192 ip, would that "open to the world" the internal server? Thus giving someone access to your inside network?

Thanks!
 