Symantec 100 VPN/Firewall NAT?

On Fri, 23 Jul 2004 14:14:59 +0100, Kevin Howell spoketh

Well, first you say that it _is_ stripping the local IP address out of the headers, and then you say it isn't. I'm not sure which one is your problem...

If the web based application is on the WAN side of the firewall and the clients are on the LAN side of the firewall, then the web based application will only see the public (WAN side) IP address of the firewall rather than the private IP address of the clients. That's what NAT does. It can be disabled, but then you'll need to renumber your LAN so all the clients have public IP addresses. (This doesn't mean they'll be exposed to the public, just that they are not in the private IP address space).

Lars M. Hansen

formatting link
'badnews' with 'news' in e-mail address)

Reply to
Lars M. Hansen
Loading thread data ...

That is what NAT does - it strips out the internal IP and replaces it with the public IP. ALL NAT firewalls will do that - be they symantec, cisco, linksys, netgear, watchguard, sonicwall, firewall1, etc. etc.

The only way NOT to have that happen is to not use NAT. But then the boxes accessing the intyernet all must have public IP's, not private IP's.

Reply to
T. Sean Weintz

Hi all,

We have a Symantec 100 VPN/Firewall utilising NAT on our network. The problem we have is that NAT is stripping the internal network address completely out of the header of the packet, and our web based application shows the clients IP address from behind the Symantec as the public NAT ip address. We have tried other firewalls, e.g. Linksys, Netgear and standard Windows XP Pro machine and they display the private IP address e.g. Is there anything I can change on the Symantec 100? Also if I replace the Symantec with a Cisco Pix will I still have the same problem?

Thanks in advance,


Reply to
Kevin Howell Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.