https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPSec-with-NAT/m-p/201440#M37899 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/38213">@the_rock</a>&nbsp;Thank you for the reply.<BR /><BR />One thing to keep in mind, the service worked/reachable when we allow server to server without NAT on the Encryption Domain. But with NAT it will not work.<BR /><BR />Below you will the excluded services screenshot form the community.&nbsp;</P> Sun, 24 Dec 2023 06:17:30 GMT gemechisd 2023-12-24T06:17:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPSec-with-NAT/m-p/201062#M37782 <P>We have a checkpoint security gateway with R81.10 JHF 110 Installed. And we have established a Site to Site IPSec VPN with one partner having Fortigate Firewall. On the established IPSec tunnel we have 3 different Encryption Domains for different services. The third party wants our encryption domains to be natted to an IP Address they gave us. We have done the nat of our local encryption domains for the 3 services with different NAT IP's. And we can reach 2 services to the Remote destination / Encryption Domain, but we can't reach 1 service on the remote ED. All three services are on the same IPSec VPN Tunnel.<BR /><BR />Why is 2 services with Natted IP's worked and 1 service is not working for us?</P> Tue, 19 Dec 2023 13:44:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPSec-with-NAT/m-p/201062#M37782 gemechisd 2023-12-19T13:44:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPSec-with-NAT/m-p/201066#M37784 <P>K, so sounds like config is fine. If one is failing, maybe do basic VPN debug and also check vpnd.elg files as well for that service. Out of curiosity, what service is it? Make sure its not expluded in the excluded services tab on the community options as per below.</P> <P>Andy</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_1.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23725i761A7B018B3C3B4D/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_1.png" alt="Screenshot_1.png" /></span></P> <P> </P> Tue, 19 Dec 2023 14:02:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPSec-with-NAT/m-p/201066#M37784 the_rock 2023-12-19T14:02:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPSec-with-NAT/m-p/201440#M37899 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/38213">@the_rock</a>&nbsp;Thank you for the reply.<BR /><BR />One thing to keep in mind, the service worked/reachable when we allow server to server without NAT on the Encryption Domain. But with NAT it will not work.<BR /><BR />Below you will the excluded services screenshot form the community.&nbsp;</P> Sun, 24 Dec 2023 06:17:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPSec-with-NAT/m-p/201440#M37899 gemechisd 2023-12-24T06:17:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPSec-with-NAT/m-p/201448#M37901 <P>Might be worth TAC case to double check.</P> <P>Best,</P> <P>Andy</P> Sun, 24 Dec 2023 12:42:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPSec-with-NAT/m-p/201448#M37901 the_rock 2023-12-24T12:42:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPSec-with-NAT/m-p/201541#M37911 <P>What are the precise details of the NAT you've configured on your end, working and non-working?<BR />Possible this is an issue on the remote end.</P> Tue, 26 Dec 2023 18:41:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPSec-with-NAT/m-p/201541#M37911 PhoneBoy 2023-12-26T18:41:01Z