Tunnel between PIX 501 and CheckPoint firewall

Discussion in 'Cisco' started by John Strow, Oct 18, 2006.

    John Strow (Guest)

    Hi,

    Recently I built a tunnel between a PIX 501 and a CheckPoint firewall so that
    a client with IP 192.168.1/2.0 would be able to access our internal FTP site
    only (10.10.1.5), but the problem was that the tunnel worked from my side (PIX) to
    the CheckPoint side but not the other way. I did everything according to the book,
    but the client still couldn't ping the 10.10.1.5 host. Below is part of the PIX
    configuration:

    access-list nonat permit ip 10.10.1.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list nonat permit ip 10.10.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list crypto permit ip 10.10.1.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list crypto permit ip 10.10.1.0 255.255.255.0 192.168.2.0 255.255.255.0

    I don't know what the client did on their own side, but they recommended that I
    add a static map as below.

    static (inside,outside) 10.10.1.5 10.10.1.5 netmask 255.255.255.255 0 0

    After adding this statement, surprisingly, everything worked, but I do not
    understand why I have to do this, and now I have another problem. This server
    is a DNS server and it can't resolve DNS names anymore. When I do show xlate I
    get the result below, and this is most likely the reason why I can't get names resolved:

    Global 10.10.1.5 Local 10.10.1.5

    Is there any CheckPoint-PIX guru that can help with this?

    Thanks
     
    John Strow, Oct 18, 2006
    #1
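As an added example (not code from the thread), a small Python audit script that assumes the PIX ACL lines are in the form shown in the post and uses a constructed sample in which one crypto entry carries a mistyped address: it parses the nonat and crypto ACLs, reports entries that appear in one list but not the other, and lists the mirror-image pairs the CheckPoint encryption domain must cover.

```python
import ipaddress
import re

# Constructed sample config (not the poster's exact lines): the second
# crypto entry has a fat-fingered address so the checker can flag it.
PIX_CONFIG = """
access-list nonat permit ip 10.10.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 10.10.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list crypto permit ip 10.10.1.0 255.255.255.0 192.168.1.0.0 255.255.255.0
access-list crypto permit ip 10.10.1.0 255.255.255.0 192.168.2.0 255.255.255.0
"""

# PIX "access-list NAME permit ip SRC SRCMASK DST DSTMASK" (real netmasks, not wildcards)
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_acls(text):
    """Return ({acl_name: {(src_net, dst_net), ...}}, [error strings])."""
    acls, errors = {}, []
    for raw in text.strip().splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if not m:
            continue  # other config lines are ignored by this checker
        name, src, smask, dst, dmask = m.groups()
        try:
            src_net = ipaddress.ip_network(f"{src}/{smask}", strict=False)
            dst_net = ipaddress.ip_network(f"{dst}/{dmask}", strict=False)
        except ValueError as exc:
            errors.append(f"{name}: bad address in '{line}': {exc}")
            continue
        acls.setdefault(name, set()).add((src_net, dst_net))
    return acls, errors


def audit(nonat, crypto):
    """Traffic selected for encryption must also be NAT-exempt, and vice versa;
    otherwise the PIX translates the source before encrypting, or exempts traffic
    it never tunnels. Returns a list of human-readable findings."""
    findings = []
    for src, dst in sorted(crypto - nonat, key=str):
        findings.append(f"crypto entry {src} -> {dst} has no matching nonat entry")
    for src, dst in sorted(nonat - crypto, key=str):
        findings.append(f"nonat entry {src} -> {dst} is not in the crypto ACL")
    return findings


def peer_mirror(crypto):
    """The CheckPoint side must define the mirror image of the PIX crypto ACL."""
    return sorted((str(dst), str(src)) for src, dst in crypto)
```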