topic Re: Can't access static NATTed server behind remote peer network in General Topics https://community.checkpoint.com/t5/General-Topics/Can-t-access-static-NATTed-server-behind-remote-peer-network/m-p/113616#M21291 <P>What log messages show on one or both ends when this happens?<BR />Even if the guest network isn’t in the encryption domain, the NAT address for the guest network probably is in the encryption domain (implicitly).</P> <P>My guess is the guest network also needs to be in the encryption domain to fix this.<BR />You should be able to prevent the guest network from accessing other things using access rules.</P> Tue, 16 Mar 2021 04:37:04 GMT PhoneBoy 2021-03-16T04:37:04Z Can't access static NATTed server behind remote peer network https://community.checkpoint.com/t5/General-Topics/Can-t-access-static-NATTed-server-behind-remote-peer-network/m-p/113613#M21290 <P>Hello mates.</P> <P>There is ipsec VPN tunnel between two checkpoints. Branch has two networks for staff and guests. Staff network 192.168.1.0/24 is on the VPN domain and guest network 192.168.2.0/24 is not added to the VPN domain. web server is behind headquarter firewall and static NATted. We can access that server from internet everywhere but just can't access from branch guest network. How to access that static NATted web server from guest network.?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="topl2.png" style="width: 801px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/11011i04D69D380313E163/image-size/large?v=v2&amp;px=999" role="button" title="topl2.png" alt="topl2.png" /></span></P> <DIV id="tinyMceEditorBaasanjargal_Ts_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P>&nbsp;</P> Tue, 16 Mar 2021 01:51:06 GMT https://community.checkpoint.com/t5/General-Topics/Can-t-access-static-NATTed-server-behind-remote-peer-network/m-p/113613#M21290 Baasanjargal_Ts 2021-03-16T01:51:06Z Re: Can't access static NATTed server behind remote peer network https://community.checkpoint.com/t5/General-Topics/Can-t-access-static-NATTed-server-behind-remote-peer-network/m-p/113616#M21291 <P>What log messages show on one or both ends when this happens?<BR />Even if the guest network isn’t in the encryption domain, the NAT address for the guest network probably is in the encryption domain (implicitly).</P> <P>My guess is the guest network also needs to be in the encryption domain to fix this.<BR />You should be able to prevent the guest network from accessing other things using access rules.</P> Tue, 16 Mar 2021 04:37:04 GMT https://community.checkpoint.com/t5/General-Topics/Can-t-access-static-NATTed-server-behind-remote-peer-network/m-p/113616#M21291 PhoneBoy 2021-03-16T04:37:04Z