https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213970#M40831 <P>Indeed I'm suggesting this is the likely cause for the error reported.</P> Sun, 12 May 2024 15:28:18 GMT Chris_Atkinson 2024-05-12T15:28:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213911#M40797 <P>Hello,</P><P>My 5800 checkpoint LAN IP is 10.103.253.10 and LAN subnet is 10.100.0.0/16,&nbsp; then i have 2 vpn site to site to azure and the tunnel already established.</P><P>Now i have requirement to change that the traffic from LAN subnet if want go to 1st VPN tunnel (Subnet 10.200.0.0/16) will go directly without any NAT.</P><P>Then i also need traffic from LAN subnet if want go to 2nd VPN Tunnel (Subnet 10.150.0.0/16) should be NATted using interface ip address (10.103.255.10).</P><P>Anyone here know how to make that NAT?&nbsp;</P> Sat, 11 May 2024 14:18:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213911#M40797 handiansudianto 2024-05-11T14:18:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213928#M40807 <P>You can simply make manual nat rules in smart console based on those requirements.&nbsp;</P> <P>Andy</P> Sat, 11 May 2024 18:18:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213928#M40807 the_rock 2024-05-11T18:18:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213930#M40808 <P>Hello,</P><P>So my NAT setting is :</P><P>Original source : 10.100.0.0/16</P><P>Original destination : 10.150.0.0/16</P><P>And what should i choose on translate source so the traffic will be translated to my checkpoint interface?</P> Sun, 12 May 2024 03:54:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213930#M40808 handiansudianto 2024-05-12T03:54:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213940#M40814 <P>Whatever the IP is that needs to be translated to.</P> <P>Andy</P> Sun, 12 May 2024 12:18:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213940#M40814 the_rock 2024-05-12T12:18:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213952#M40819 <P>Hi..</P><P>Already try with configuration below but have error&nbsp;</P><DIV class="">&nbsp;</DIV><P>Original source : 10.100.0.0/16</P><P>Original destination : 10.150.0.0/16</P><P>Translated Source : 10.103.107.1&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 12 May 2024 13:33:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213952#M40819 handiansudianto 2024-05-12T13:33:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213954#M40821 <P>Let me test it in the lab and will let you know.</P> <P>Andy</P> Sun, 12 May 2024 13:37:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213954#M40821 the_rock 2024-05-12T13:37:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213959#M40825 <P>Works for me.</P> <P>Andy</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_1.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/25629i5E8DB6CCD12C38B4/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_1.png" alt="Screenshot_1.png" /></span></P> <P> </P> Sun, 12 May 2024 13:53:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213959#M40825 the_rock 2024-05-12T13:53:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213966#M40828 <P>Did you set it as hide or static?</P> Sun, 12 May 2024 15:23:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213966#M40828 Chris_Atkinson 2024-05-12T15:23:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213967#M40829 <P>Im fairly sure that can ONLY work with hide nat.</P> Sun, 12 May 2024 15:24:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213967#M40829 the_rock 2024-05-12T15:24:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213970#M40831 <P>Indeed I'm suggesting this is the likely cause for the error reported.</P> Sun, 12 May 2024 15:28:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213970#M40831 Chris_Atkinson 2024-05-12T15:28:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213971#M40832 <P>Yup, agree!</P> Sun, 12 May 2024 15:32:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213971#M40832 the_rock 2024-05-12T15:32:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213984#M40840 <P>Hello,</P><P>I change the static nat to hide and the error was gone, but actually when i try RDP from 10.100.50.25 to Azure windows VM&nbsp; 10.50.10.10 then i check in the task manager, the source is still from host 10.100.50.25 and not from 10.103.107.1.</P><P>What i can see on the log there only decrypt message and in the message detail there are no NAT rule.</P> Mon, 13 May 2024 01:16:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213984#M40840 handiansudianto 2024-05-13T01:16:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213985#M40841 <P>In such a case that you described, ONLY hide nat rule would work, as you cant do static nat from subnet to subnet translation, for the lack of the better term.</P> <P>If IP is different, just change the natted IP in the translated packet, push policy and test.</P> <P>Andy</P> Mon, 13 May 2024 01:18:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/NAT/m-p/213985#M40841 the_rock 2024-05-13T01:18:43Z