https://community.checkpoint.com/t5/General-Topics/VPN-Source-NAT-subnet-and-actual-in-same-Encryption-domain/m-p/16779#M2810 <HTML><HEAD></HEAD><BODY><P>Hi Checkmates!&nbsp;</P><P></P><P>I have a question&nbsp;regarding VPN. On a VSX platform in a single domain on a single Virtual System I am trying to establish a VPN, where we are source NAT'ing in our end and they are aswell.</P><P></P><P>I can establish&nbsp;Phase 1 and 2 without issues and I can tell that the VPN is establishing with the correct NAT'ed subnet, yet we're not able to send traffic through.&nbsp;</P><P></P><P>Does this cause an issue if we have both the actual subnet and NAT'ed subnet in the VPN domain manually defined on the VS?</P><P></P><P>kind regards</P><P>hope you can help.&nbsp;</P></BODY></HTML> Tue, 07 Aug 2018 10:42:32 GMT Markus_Hoyer1 2018-08-07T10:42:32Z https://community.checkpoint.com/t5/General-Topics/VPN-Source-NAT-subnet-and-actual-in-same-Encryption-domain/m-p/16779#M2810 <HTML><HEAD></HEAD><BODY><P>Hi Checkmates!&nbsp;</P><P></P><P>I have a question&nbsp;regarding VPN. On a VSX platform in a single domain on a single Virtual System I am trying to establish a VPN, where we are source NAT'ing in our end and they are aswell.</P><P></P><P>I can establish&nbsp;Phase 1 and 2 without issues and I can tell that the VPN is establishing with the correct NAT'ed subnet, yet we're not able to send traffic through.&nbsp;</P><P></P><P>Does this cause an issue if we have both the actual subnet and NAT'ed subnet in the VPN domain manually defined on the VS?</P><P></P><P>kind regards</P><P>hope you can help.&nbsp;</P></BODY></HTML> Tue, 07 Aug 2018 10:42:32 GMT https://community.checkpoint.com/t5/General-Topics/VPN-Source-NAT-subnet-and-actual-in-same-Encryption-domain/m-p/16779#M2810 Markus_Hoyer1 2018-08-07T10:42:32Z https://community.checkpoint.com/t5/General-Topics/VPN-Source-NAT-subnet-and-actual-in-same-Encryption-domain/m-p/16780#M2811 <HTML><HEAD></HEAD><BODY><P>What do logs say? Drop on last rule or something else? How is your rule set up?</P></BODY></HTML> Tue, 07 Aug 2018 12:03:00 GMT https://community.checkpoint.com/t5/General-Topics/VPN-Source-NAT-subnet-and-actual-in-same-Encryption-domain/m-p/16780#M2811 Kaspars_Zibarts 2018-08-07T12:03:00Z https://community.checkpoint.com/t5/General-Topics/VPN-Source-NAT-subnet-and-actual-in-same-Encryption-domain/m-p/16781#M2812 <HTML><HEAD></HEAD><BODY><P>Do you have two manual NAT rules created for egress and ingress of the traffic coming from or destined to the VPN peer?</P></BODY></HTML> Tue, 07 Aug 2018 20:31:09 GMT https://community.checkpoint.com/t5/General-Topics/VPN-Source-NAT-subnet-and-actual-in-same-Encryption-domain/m-p/16781#M2812 Vladimir 2018-08-07T20:31:09Z https://community.checkpoint.com/t5/General-Topics/VPN-Source-NAT-subnet-and-actual-in-same-Encryption-domain/m-p/16782#M2813 <HTML><HEAD></HEAD><BODY><P>Hi&nbsp;</P><P>Yes we have two manual NAT's for both egress and ingress.</P><P></P><P>Yesterday in the maintenance&nbsp;window we got the VPN up and running, we didn't do any changes, the issue was the ruleset in the other end.&nbsp;</P><P></P><P>The logs translated correctly as intended.&nbsp;</P><P></P><P>I was just curious towards the design of the Checkpoint whether it might cause an issue having both the actual and NAT'ed subnet in the encryption domain.</P><P></P><P>Thank you both for your replies <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" />&nbsp;</P></BODY></HTML> Wed, 08 Aug 2018 09:24:49 GMT https://community.checkpoint.com/t5/General-Topics/VPN-Source-NAT-subnet-and-actual-in-same-Encryption-domain/m-p/16782#M2813 Markus_Hoyer1 2018-08-08T09:24:49Z