Recently I built a tunnel between a PIX 501 and a CheckPoint firewall so that the client with IP 192.168.1/2.0 would be able to access only our internal FTP site (10.10.1.5), but the problem was that the tunnel worked from my side (PIX) to the CheckPoint side but not the other way. I did everything according to the book, but the client still couldn't ping the 10.10.1.5 host. Below is part of the PIX configuration:
access-list nonat permit ip 10.10.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 10.10.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list crypto permit ip 10.10.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list crypto permit ip 10.10.1.0 255.255.255.0 192.168.2.0 255.255.255.0
I don't know what the client did on its own side, but they recommended that I do a static map as below.
static (inside,outside) 10.10.1.5 10.10.1.5 netmask 255.255.255.255 0 0
After adding this statement, surprisingly everything worked, but I do not understand why I have to do this, and now I have another problem. This server is a DNS server and it can't resolve DNS names anymore. When I do show xlate I get the result below, and this is most likely the reason why I can't get names resolved:
Global 10.10.1.5 Local 10.10.1.5
Is there any CheckPoint-PIX guru who can help with this?