Tom's Hardware > Forum > General Networking > Firewall > Symantec 100 VPN/Firewall NAT?

Symantec 100 VPN/Firewall NAT?

Forum General Networking : Firewall - Symantec 100 VPN/Firewall NAT?

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Anonymous   07-23-2004 at 08:14:59 PM

Archived from groups: comp.security.firewalls (More info?)

 

Hi all,

We have a Symantec 100 VPN/Firewall utilising NAT on our network. The
problem we have is that NAT is stripping the internal network address
completely out of the header of the packet, and our web based application
shows the clients IP address from behind the Symantec as the public NAT ip
address. We have tried other firewalls, e.g. Linksys, Netgear and standard
Windows XP Pro machine and they display the private IP address e.g.
192.168.0.100. Is there anything I can change on the Symantec 100? Also if I
replace the Symantec with a Cisco Pix will I still have the same problem?

Thanks in advance,

Kev

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   07-23-2004 at 08:15:00 PM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

On Fri, 23 Jul 2004 14:14:59 +0100, Kevin Howell spoketh

>Hi all,
>
>We have a Symantec 100 VPN/Firewall utilising NAT on our network. The
>problem we have is that NAT is stripping the internal network address
>completely out of the header of the packet, and our web based application
>shows the clients IP address from behind the Symantec as the public NAT ip
>address. We have tried other firewalls, e.g. Linksys, Netgear and standard
>Windows XP Pro machine and they display the private IP address e.g.
>192.168.0.100. Is there anything I can change on the Symantec 100? Also if I
>replace the Symantec with a Cisco Pix will I still have the same problem?
>
>Thanks in advance,
>
>Kev
>

Well, first you say that it _is_ stripping the local IP address out of
the headers, and then you say it isn't. I'm not sure which one is your
problem...

If the web based application is on the WAN side of the firewall and the
clients are on the LAN side of the firewall, then the web based
application will only see the public (WAN side) IP address of the
firewall rather than the private IP address of the clients. That's what
NAT does. It can be disabled, but then you'll need to renumber your LAN
so all the clients have public IP addresses. (This doesn't mean they'll
be exposed to the public, just that they are not in the private IP
address space).


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

Reply to Anonymous
Anonymous   07-23-2004 at 08:15:00 PM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

Kevin Howell wrote:

> Hi all,
>
> We have a Symantec 100 VPN/Firewall utilising NAT on our network. The
> problem we have is that NAT is stripping the internal network address
> completely out of the header of the packet, and our web based application
> shows the clients IP address from behind the Symantec as the public NAT ip
> address. We have tried other firewalls, e.g. Linksys, Netgear and standard
> Windows XP Pro machine and they display the private IP address e.g.
> 192.168.0.100. Is there anything I can change on the Symantec 100? Also if I
> replace the Symantec with a Cisco Pix will I still have the same problem?
>
> Thanks in advance,
>
> Kev

That is what NAT does - it strips out the internal IP and replaces it
with the public IP. ALL NAT firewalls will do that - be they symantec,
cisco, linksys, netgear, watchguard, sonicwall, firewall1, etc. etc.

The only way NOT to have that happen is to not use NAT. But then the
boxes accessing the intyernet all must have public IP's, not private IP's.

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > General Networking > Firewall > Symantec 100 VPN/Firewall NAT?
Go to:

There are 1181 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.175 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them