https://community.checkpoint.com/t5/General-Topics/Connection-between-two-different-vpn-sts/m-p/104069#M19991 <P class="_1qeIAgB0cPwnLhDF9XSiJM">well i hope to be clear with my problem since english is not my native language.<BR />i have two vpns, one against oracle and another with a client.&nbsp;&nbsp;<BR />Actually oracle needs to access to a resource what is living in the vpn checkpoint-client.<BR />Since oracle will never reach the client because the dst ip its trying to reach lives in the other vpn is i was thinking someway i could nat the traffic from oracle to my client.<BR />For example oracle needs to reach ip 192.168.220.240 (this one live in the client side) so what im doing is this:<BR /><BR />Source: 132.240.149.31<BR />Dst IP: 192.168.1.35 (ip from the dmz who is part from the vpn communities between oracle-checkpoint)<BR /><BR />NAT SOURCE: 132.240.149.31 -&gt; 10.23.4.240 this IP is part from the vpn communities between checkpoint-client<BR />NAT DST IP: 192.168.1.35 -&gt; 192.168.220.240 this is the real resource we need to reach.</P> <P class="_1qeIAgB0cPwnLhDF9XSiJM">But even after this nat we cant reach the dst ip, so... anyone has ever done something similar im looking for some tips and tricks.<BR />Im going share a image where you can see the topology i think with that this could be a little more clear.<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="question.jpg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9468iE089C9D7B65DFD1E/image-size/large?v=v2&amp;px=999" role="button" title="question.jpg" alt="question.jpg" /></span></P> Thu, 03 Dec 2020 08:36:20 GMT Sharif24 2020-12-03T08:36:20Z https://community.checkpoint.com/t5/General-Topics/Connection-between-two-different-vpn-sts/m-p/104069#M19991 <P class="_1qeIAgB0cPwnLhDF9XSiJM">well i hope to be clear with my problem since english is not my native language.<BR />i have two vpns, one against oracle and another with a client.&nbsp;&nbsp;<BR />Actually oracle needs to access to a resource what is living in the vpn checkpoint-client.<BR />Since oracle will never reach the client because the dst ip its trying to reach lives in the other vpn is i was thinking someway i could nat the traffic from oracle to my client.<BR />For example oracle needs to reach ip 192.168.220.240 (this one live in the client side) so what im doing is this:<BR /><BR />Source: 132.240.149.31<BR />Dst IP: 192.168.1.35 (ip from the dmz who is part from the vpn communities between oracle-checkpoint)<BR /><BR />NAT SOURCE: 132.240.149.31 -&gt; 10.23.4.240 this IP is part from the vpn communities between checkpoint-client<BR />NAT DST IP: 192.168.1.35 -&gt; 192.168.220.240 this is the real resource we need to reach.</P> <P class="_1qeIAgB0cPwnLhDF9XSiJM">But even after this nat we cant reach the dst ip, so... anyone has ever done something similar im looking for some tips and tricks.<BR />Im going share a image where you can see the topology i think with that this could be a little more clear.<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="question.jpg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9468iE089C9D7B65DFD1E/image-size/large?v=v2&amp;px=999" role="button" title="question.jpg" alt="question.jpg" /></span></P> Thu, 03 Dec 2020 08:36:20 GMT https://community.checkpoint.com/t5/General-Topics/Connection-between-two-different-vpn-sts/m-p/104069#M19991 Sharif24 2020-12-03T08:36:20Z https://community.checkpoint.com/t5/General-Topics/Connection-between-two-different-vpn-sts/m-p/104283#M20040 <P>Let’s start with version/JHF level as well as what you see in the logs when you attempt the connection.<BR />This can work, but you need to make sure the encryption domains and NAT are set appropriately.</P> Fri, 04 Dec 2020 03:28:30 GMT https://community.checkpoint.com/t5/General-Topics/Connection-between-two-different-vpn-sts/m-p/104283#M20040 PhoneBoy 2020-12-04T03:28:30Z