https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185089#M34032 <P>Yes, it is possible to setup groups in the NAT rule base for your hide NAT. I use this feature quite often.</P><P>You can absolutely put those 3 servers into a group and specify hide behind&nbsp;<SPAN>172.26.15.254 when talking to the other remote network.</SPAN></P> Wed, 28 Jun 2023 19:35:47 GMT CaseyB 2023-06-28T19:35:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185064#M34026 <P>Hello,</P> <P>A query, I have a S2S IPsec VPN against a third party, in which, on our side we have the need that "the remote peer" does not know us with the real IPs of our servers.</P> <P>These are our Real IPs:<BR />10.7.12.124<BR />10.7.106.114 <BR />192.168.216.50</P> <P>Destination IP of the remote peer:<BR />69.20.50.41</P> <P>These 3 IPs, must "present" themselves to the remote peer, with the NAT IP -&gt; 172.26.15.254</P> <P>Checkpoint requires that in this case, 3 Hide NAT type rules are created for each of the real IPs, right?</P> <P>It is not possible to work it in only one NAT rule?</P> <P>Cheers. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 28 Jun 2023 16:25:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185064#M34026 Matlu 2023-06-28T16:25:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185065#M34027 <P>Hey bro,</P> <P>Make sure NAT is enabled inside vpn community and if its static nat rules, then they may need to be separate.</P> <P>Andy</P> Wed, 28 Jun 2023 16:39:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185065#M34027 the_rock 2023-06-28T16:39:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185067#M34028 <P>Buddy<BR /><BR />The TAC told me that in order for Checkpoint, to take my manual NAT rules into account, I have to disable the checkbox of the option that you see in the following image. <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="VPN1.png" style="width: 737px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/21557i2849BC8A00BA7BF5/image-size/large?v=v2&amp;px=999" role="button" title="VPN1.png" alt="VPN1.png" /></span></P> <P>For now, my manual NAT works fine, but it is configured as a 1 - 1 NAT.<BR />And what I want is that on my side, there are 3 servers with different IPs, that can reach the other side of the VPN, with a single NAT IP.</P> <P>Is it possible to make a Hide NAT, using as origin a "group object" and putting there, all the IPs that I want to leave my side ????</P> <P>Greetings.</P> Wed, 28 Jun 2023 16:49:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185067#M34028 Matlu 2023-06-28T16:49:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185068#M34029 <P>Sorry, my bad, I believe TAC is correct. Also, as per below, makes sense</P> <P><A href="https://sc1.checkpoint.com/documents/R81.20/SmartConsole_OLH/EN/Topics-OLH/dL_YCs4YOk8Belcgyiq0Lg2.htm?cshid=dL_YCs4YOk8Belcgyiq0Lg2" target="_blank">VPN Communities - Advanced (checkpoint.com)</A></P> <P>Btw, if its hide NAT rule, then group should work.</P> <P>Andy</P> Wed, 28 Jun 2023 16:59:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185068#M34029 the_rock 2023-06-28T16:59:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185089#M34032 <P>Yes, it is possible to setup groups in the NAT rule base for your hide NAT. I use this feature quite often.</P><P>You can absolutely put those 3 servers into a group and specify hide behind&nbsp;<SPAN>172.26.15.254 when talking to the other remote network.</SPAN></P> Wed, 28 Jun 2023 19:35:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185089#M34032 CaseyB 2023-06-28T19:35:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185090#M34033 <P>100% that works, agree.</P> <P>Andy</P> Wed, 28 Jun 2023 19:37:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185090#M34033 the_rock 2023-06-28T19:37:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185092#M34034 <P>Thanks for the support, guys.</P> <P>Cheers. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 28 Jun 2023 20:01:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185092#M34034 Matlu 2023-06-28T20:01:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185093#M34035 <P>FYBFOC = for you bro, free of charge <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 28 Jun 2023 20:09:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT-in-S2S-VPN-deployment/m-p/185093#M34035 the_rock 2023-06-28T20:09:39Z