Firewall Wizards mailing list archives

Re: Nokia DMZ setup problem!


From: kstephe6 () csc com
Date: Mon, 27 Aug 2001 17:30:14 -0500

Matt:

If you are at IPSO 3.3 go to the Nokia Support site and read Resolutions
4625 and 477.   477 will help if you are at an earlier IPSO version.

Ken Stephens, CISSP
Sr. Security Manager
Computer Sciences Corporation




                                                                                                     
Matt Villion <mvillion () ddd com>
Sent by: firewall-wizards-admin () nfr com
08/26/01 10:05 AM

To: "'firewall-wizards () nfr com'" <firewall-wizards () nfr com>
cc:
Subject: [fw-wiz] Nokia DMZ setup problem!

Greetings,

I am having difficulties in the setting up of a DMZ on a Nokia IP330 box.
I have dug through the Nokia documentation relating to the task and it does
seem straightforward but I am encountering difficulties with it.

The Nokia has three interfaces: Internal, External and DMZ.

On the internal interface I have 192.168.0.8 thus connection to the LAN on
192.168.0.x

On the DMZ interface we have 192.168.1.8 and thus the servers being on
192.168.1.x

On the external interface we have say x.x.35.156 which is connected to the
upstream router at x.x.35.155.
Our ISP also provided a range of other IP numbers to use which are not on
the same subnet.  (Bugger)
We got given x.x.36.1 to x.x.36.7.  The route is configured to listen out
for these addresses.

The configuration I need is for a couple of the x.x.36.x addresses to route
to the DMZ and one to pass through to the LAN.
To complicate matters I have a VPN connecting to another office sitting on
the x.x.35.156 address.

To set this up I configured in Checkpoint the servers with a DMZ network
address and an external NATed address from the x.x.36.x range and for the
internal LAN mapping address I did the same.

x.x.36.1   -> 192.168.0.1
x.x.36.2   -> 192.168.1.1
x.x.36.3   -> 192.168.1.2

I added via command line an ARP entry as per the manual.  I also added the
static routing.

But nothing worked.
When I added the x.x.36.x addresses as logical devices via the Voyager
interface it all works OK but the VPN will not survive a reboot.  After a
reboot I have to remove the x.x.36.x addresses from the logical interface
(The VPN then reconnects) and then I can add the x.x.36.x addresses back and
continue on my merry way.

Please if you can help I would be grateful.

Thanks in Advance

Matt
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

