Checkpoint VPN Tunnel

Checkpoint_UC_V — Tue, 12 Sep 2023 06:26:49 GMT

Hello All,

I have one generic question regarding the VPN tunnel.

I have two tunnels from the Secure Gateway but the encryption domains at the remote ends are overlapping.

let's say remote A end has 10.0.0.0/16 and remote B has 10.1.0.0/24.

I have two suggestions,

1) I can create negate objects group 10.1..0.0/24 on remote A encryption.

2) Remote B encryption 10.1.0.0/24 is NATed to 20.20.20.0/24 on firewall. So can we only use 20.20.20.0/24 as a remote encryption domain on the VPN Tunnel?

kindly let me know your suggestions. Thank you in advance.

Re: Checkpoint VPN Tunnel

PhoneBoy — Fri, 15 Sep 2023 23:01:42 GMT

It depends on if both sides are actually using 10.1.0.0/24 or not.
Generally, in these cases, you'll have to perform NAT like you describe.

topic Checkpoint VPN Tunnel in Firewall and Security Management

Checkpoint VPN Tunnel

Re: Checkpoint VPN Tunnel