https://community.checkpoint.com/t5/General-Topics/VPN-Site-to-Site-statically-Nated-IP-address/m-p/86477#M17338 <P>Hi,</P><P>I am trying to set a S2S tunnel between two Checkpoints managed by the same SMS (r80.10), but one of them is using a private IP as WAN to connect with the ISP. Then the ISP is routing the public IP to our private IP in the Checkpoint. I am using the Link Selection type of "Statically NATed IP" and I have set there the public IP I would like to use to form the packet. The problem I am seeing is that the tunnel does not get up and I cannot see traffic with tcpdump related to ipesec tunnel. Any idea about what could be happen? I could make a small diagram if you need it. Thank you very much.</P> Wed, 27 May 2020 13:02:53 GMT Gusa2727 2020-05-27T13:02:53Z https://community.checkpoint.com/t5/General-Topics/VPN-Site-to-Site-statically-Nated-IP-address/m-p/86477#M17338 <P>Hi,</P><P>I am trying to set a S2S tunnel between two Checkpoints managed by the same SMS (r80.10), but one of them is using a private IP as WAN to connect with the ISP. Then the ISP is routing the public IP to our private IP in the Checkpoint. I am using the Link Selection type of "Statically NATed IP" and I have set there the public IP I would like to use to form the packet. The problem I am seeing is that the tunnel does not get up and I cannot see traffic with tcpdump related to ipesec tunnel. Any idea about what could be happen? I could make a small diagram if you need it. Thank you very much.</P> Wed, 27 May 2020 13:02:53 GMT https://community.checkpoint.com/t5/General-Topics/VPN-Site-to-Site-statically-Nated-IP-address/m-p/86477#M17338 Gusa2727 2020-05-27T13:02:53Z https://community.checkpoint.com/t5/General-Topics/VPN-Site-to-Site-statically-Nated-IP-address/m-p/86824#M17432 That could mean the traffic isn't getting to the gateway at all.<BR />Which makes this an upstream issue.<BR />Can you confirm IPSEC traffic is leaving the remote gateway? Sun, 31 May 2020 04:32:24 GMT https://community.checkpoint.com/t5/General-Topics/VPN-Site-to-Site-statically-Nated-IP-address/m-p/86824#M17432 PhoneBoy 2020-05-31T04:32:24Z https://community.checkpoint.com/t5/General-Topics/VPN-Site-to-Site-statically-Nated-IP-address/m-p/131449#M23840 <P>I am having the same issue. The VPN works when I have the Main IP activated. But when I then change it to&nbsp;Statically NATed IP the VPN drops and doesn't work.</P><P>Nothing shows up in the logs besides in the VPN debug then "Peer Name: Unknown"</P><P>&nbsp;</P> Mon, 11 Oct 2021 05:45:13 GMT https://community.checkpoint.com/t5/General-Topics/VPN-Site-to-Site-statically-Nated-IP-address/m-p/131449#M23840 carp3di3m 2021-10-11T05:45:13Z https://community.checkpoint.com/t5/General-Topics/VPN-Site-to-Site-statically-Nated-IP-address/m-p/131472#M23843 <P>From&nbsp;<SPAN>sk32664:<BR /><BR /></SPAN></P> <P><STRONG>Before R80.10, Check Point "Maintrain" Security Gateways did not support initiating IKE propositions over NAT-T.</STRONG></P> <P>A Security Gateway will accept and support proposals for industry UDP encapsulation behind port 4500, but<SPAN>&nbsp;</SPAN><STRONG>will never initiate</STRONG><SPAN>&nbsp;</SPAN>a proposal, unlike 600, 1100, 1200R and VPN-1 Edge Appliances&nbsp;that do support initiating IKE propositions over NAT-T.</P> <P><SPAN>&nbsp;</SPAN></P> Mon, 11 Oct 2021 09:01:20 GMT https://community.checkpoint.com/t5/General-Topics/VPN-Site-to-Site-statically-Nated-IP-address/m-p/131472#M23843 _Val_ 2021-10-11T09:01:20Z