To follow up on what about gathering packet captures: depending on your configuration, the VPN traffic may be accelerated by SecureXL and therefore will not show up in a fw monitor -e capture.

Also, the remote VPN endpoint has these networks defined conversely. This is shown in the attachment ZAB2.

Does anyone have any tips to troubleshoot this, please?

Both 172.23.0.0 and 172.17.0.0 are listed in the oneliner to determine the location encryption domain on the checkpoint.

If I disable NAT, the traffic destined for 10.103.116.24 is still unencrypted out through external.

A directly attached system to the checkpoint also forwards traffic to 10.103.116.24 but it does not need to NAT the destination; this traffic is encrypted as expected and sent.

The traffic is accepted as shown in the attachment ZAB.

The traffic is not being encrypted and passed out the external leg of firewall.

Remote server 172.23.56.23 -via router talks to proxy ARP NAT of 172.17.56.7 on checkpoint which in turn NATs destination to 10.103.116.24 (from 172.17.56.7) -> IPSEC VPN to remote site which has encryption domain of 10.103.116.0/24

If I wanted to NAT a destination IP before it was passed into a tunnel, is this possible to do?

Just another question re NAT on a 1590 running 80.20 build 2467: