https://community.checkpoint.com/t5/General-Topics/Natting-on-a-different-subnet-that-is-not-configured-on-the/m-p/21542#M3976 <HTML><HEAD></HEAD><BODY><P>To confirm are the /25 and /29 overlapping networks?</P><P></P><P>Manual NAT is one approach, proxy-arp shouldn't be required unless the NAT IP is from the same subnet as the external interface IP.</P></BODY></HTML> Mon, 07 Jan 2019 10:23:18 GMT Chris_Atkinson 2019-01-07T10:23:18Z https://community.checkpoint.com/t5/General-Topics/Natting-on-a-different-subnet-that-is-not-configured-on-the/m-p/21539#M3973 <HTML><HEAD></HEAD><BODY><P>Is it possible to do a loopback NAT on checkpoint like cisco devices where the natted subnets for the servers are of a completely subnet then the ip addresses used for public connections?</P><P>The external ip address on the device is a xx.xx.xx.xx/29 network and the subnet that is going to be used for natting are of xx.xx.xx.xx/25 network.</P><P>when i nat a server to the internet with an ip address of the same external subnet,everything is working fine as usual but when i nat it on the /25 subnet,i cant reach the gateway.</P><P>Is there a correct way to configure this and is this even possible on checkpoint gateways?</P></BODY></HTML> Fri, 04 Jan 2019 04:30:15 GMT https://community.checkpoint.com/t5/General-Topics/Natting-on-a-different-subnet-that-is-not-configured-on-the/m-p/21539#M3973 Nima_Chogyal 2019-01-04T04:30:15Z https://community.checkpoint.com/t5/General-Topics/Natting-on-a-different-subnet-that-is-not-configured-on-the/m-p/21540#M3974 <HTML><HEAD></HEAD><BODY><P>Yes the two approaches are possible, the former relies on proxy-arp the latter on routing.</P><P></P><P>Are the upstream devices routing the x.x.x.x/25 subnet towards the security gateway?</P></BODY></HTML> Fri, 04 Jan 2019 06:27:32 GMT https://community.checkpoint.com/t5/General-Topics/Natting-on-a-different-subnet-that-is-not-configured-on-the/m-p/21540#M3974 Chris_Atkinson 2019-01-04T06:27:32Z https://community.checkpoint.com/t5/General-Topics/Natting-on-a-different-subnet-that-is-not-configured-on-the/m-p/21541#M3975 <HTML><HEAD></HEAD><BODY><P>Hi Chris,</P><P>The upstream devices has routed the /25 network to the gateways, but the external subnets of the gateways are of /29 network and the ip of the devices to be natted to the internet are of /25 subnet(publicIP).</P><P>I have looked into some of the sk and im not sure if the solution is to create manual NAT rules and configure proxy-arp on the cluster members.</P></BODY></HTML> Mon, 07 Jan 2019 05:11:24 GMT https://community.checkpoint.com/t5/General-Topics/Natting-on-a-different-subnet-that-is-not-configured-on-the/m-p/21541#M3975 Nima_Chogyal 2019-01-07T05:11:24Z https://community.checkpoint.com/t5/General-Topics/Natting-on-a-different-subnet-that-is-not-configured-on-the/m-p/21542#M3976 <HTML><HEAD></HEAD><BODY><P>To confirm are the /25 and /29 overlapping networks?</P><P></P><P>Manual NAT is one approach, proxy-arp shouldn't be required unless the NAT IP is from the same subnet as the external interface IP.</P></BODY></HTML> Mon, 07 Jan 2019 10:23:18 GMT https://community.checkpoint.com/t5/General-Topics/Natting-on-a-different-subnet-that-is-not-configured-on-the/m-p/21542#M3976 Chris_Atkinson 2019-01-07T10:23:18Z https://community.checkpoint.com/t5/General-Topics/Natting-on-a-different-subnet-that-is-not-configured-on-the/m-p/21543#M3977 <HTML><HEAD></HEAD><BODY><P>No the networks are not overlapping. Its been separated to different subnets. I tried manual nat and what i have noticed is that only the ip that is being manually natted can ping the nated public ip, others cant ping it.does this mean that the configuration is right? or is there a route issue on the router?</P></BODY></HTML> Fri, 25 Jan 2019 04:57:20 GMT https://community.checkpoint.com/t5/General-Topics/Natting-on-a-different-subnet-that-is-not-configured-on-the/m-p/21543#M3977 Nima_Chogyal 2019-01-25T04:57:20Z