Firewall Wizards mailing list archives

Checkpoint FW-1 NAT vs. Routing problem


From: Edward Cracknell <edward () securIT net>
Date: Tue, 09 Dec 1997 21:53:41 +0400

A client of mine has un petite problem with Checkpoint FW-1, version
3.0a over 2.5 Solaris.


                          FW-1
                            |
                       Cisco 1601
                            |
      ------------------------------------------
         |                                |
       LAN 1                            LAN 2
(Illegal address scheme)      (Legal address scheme)
     
Using NAT SRC translations, the problem is that FW-1 routes before it
NATs, and so if the requirement for LAN 2 is to go to the IP address on
the Internet that corresponds with the illegal one of LAN 1, it fails.

The client doesn't want any hacks of code or non-supported solutions. I
feel it can be achieved with static routes pointing to the external
interface, but the client really wants a Cisco-based solution as they aim
to add lots more LAN 3s, LAN 4s, etc., and they have illegal addresses.

Does anyone know offhand if the 1601s support NAT? Ciscos are ver.
11.2.4

This would be the better solution because the firewall rules and logs
look messy after NAT.

Thanks in advance
 
-----------------------------------------------------------------
Edward Cracknell - <edward () SecurIT net>




