Re[2]: [FW1] RE: Checkpoint and Citrix - NAT problem
From my experience, you need to modify the ICA module.ini file to
set useAlternativeAddress=1, and then specify the legal IP as the
alternative WinFrame server address.
Give it a try, it will work.
____________________Reply Separator____________________
Subject: Re: [FW1] RE: Checkpoint and Citrix - NAT problem
Author: <katsumi@cbcamerica.com>
Date: 10/11/1999 7:33 PM
Frank,
If this has been pointed out, sorry. I think you have to make a static route
from your valid host IP (x.x.x.37) to invalid host IP (y.y.y.37).
This should route the packets correctly through your fw.
Fred
______________________________ Reply Separator _________________________________
Subject: [FW1] RE: Checkpoint and Citrix - NAT problem
Author: Frank Knobbe at Home <FKnobbe@Home.com> at INTERNET
Date: 10/11/99 5:27 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Marcus.Nand@wdr.com [mailto:Marcus.Nand@wdr.com]
> Sent: Thursday, October 07, 1999 9:11 PM
>
> If you aren't receiving any packets for the virtual IP then this
> looks more of a routing problem. Does the client know how to get to
> the virtual address, this needs to be advertised?
The real IP address of the FW is x.x.x.35 and the virtual, statically
NATed IP address of the WinFrame server is x.x.x.37. Internally the
WinFrame server is on the same segment as the internal NIC of the FW,
having IP address y.y.y.5. I added the following route statement as
described in Phoneboy's docs:
route add x.x.x.37 y.y.y.5
As mentioned, x.x.x.37 has been added to the local.arp file with the
MAC address of x.x.x.35. I also added a static arp entry in the arp
cache (just to make sure). Rules are set up properly, yet it does not
work.
What am I missing here???
Frank
> > -----Original Message-----
> > From: Marcus.Nand@wdr.com [mailto:Marcus.Nand@wdr.com]
> > Sent: Wednesday, October 06, 1999 6:43 PM
> >
> > I have implemented this on our checkpoint firewall, it's doing NAT
> > as well, no issues.
>
>
> Howdy,
>
> I have a similar issue with NAT and Citrix (although I don't think
> Citrix is the culprit). Firewall-1 (v4 NT) has been configured
> according to the documents on Phoneboy's website. Rule for
> Citrixbox_realIP to any using any, and any to Citrixbox_natIP using
> ICA protocol. Object for Citrixbox_realIP is setup with static NAT
> and there is an entry in the local.arp file for the NAT'ed IP
> address with external I/F MAC address. A route for that virtual IP
> has been added, I even added a static ARP entry per hand. It still
> does not work.
>
> Everything looks alright, but the FW does not receive any packets
> for that IP address (neither drop nor accept). I have not hooked
> up a sniffer yet since I first wanted to verify the configuration.
>
>
> Any recommendations or other pointers besides Phoneboy's and
> Checkpoint's documents are welcome.
>
> Regards,
> Frank
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME (X.509) encrypted email preferred.
iQA/AwUBOAJkSERKym0LjhFcEQJBvwCg3j5rOy/A/aC9s46tfgNJ5M+11YMAn3aA
UP5YAOyxkejPUtrDtXDem3y8
=w9zQ
-----END PGP SIGNATURE-----
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================