Hi there. I have set up a tunnel between my Checkpoint NG FW & a Cisco PIX for specific ftps. The initial tunnel config works fine, but I have a slight issue.
Since the customer has set up our tunnel to our public IP address, every time we try to access their normal website (not the ftp server), it gets rejected, because it's pulling our IP like it should be going to the ftp tunnel...
I haven't had a chance to play with NAT a whole lot, since this firewall was set up by a consultant. I need a little direction on how to set up the internal server IP address (10.X.X.X) to show a different address once it gets out of our firewall. I hope I'm making some sense here. I think this is what needs to happen, I just don't know how to get there. My assumption is that I need an IP address that is different than the internal IP & the public IP. Can I just make this IP address up (following the basic network rules) & tell Checkpoint that int_serv03 (10.X.X.X) is seen as int_serv03_NAT (192.X.X.X) (via NAT), then have the customer at the ftp site reference the 192.X.X.X? Will that work?