MIP's and HIDE on checkpoint NG

From: Cariddi, Richard (Richard_Cariddi_at_acml.com)
Date: 11/24/03

    To: security-basics@securityfocus.com
    Date: Mon, 24 Nov 2003 13:52:47 -0500
    
    

    Would anyone know the order of operations for NAT on a CheckPoint box?
    The dilemma is as follows:
    There exists a MIP 192.168.1.1:206.218.1.1 -> 10.1.1.1
    There also exists a Hide rule:
    192.168.0.0->10.1.1.1 (*hide behind 206.218.10.1*)

    Does the MIP take precedence over the hide?
    So basically if 192.168.1.1 initiates a session to 10.1.1.1, will it take
    the 206.218.1.1 address and not the HIDE address of 206.218.10.1?

    Any information is appreciated.
    Thank you,

    Richard J. Cariddi, CCNP
    Network Routing/Switching/Firewalls
    Office:212.887.2202
    Mobile:914.980.8395
    Fax:212.887.3090
     
    Alliance Capital Management
    135 West 50th Street, 5th fl.
    New York, NY 10020
     