https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-To-Site-VPN-with-NAT-on-localy-managed-SMB-device/m-p/58731#M2283 <P>Did you add the translated range (after NAT) to your local encryption domain?</P> Mon, 22 Jul 2019 16:30:12 GMT Pedro_Espindola 2019-07-22T16:30:12Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-To-Site-VPN-with-NAT-on-localy-managed-SMB-device/m-p/58598#M2270 <P>Hello,</P><P>Im having issue with hide nat on localy managed 1200R. I need traffic to have hide NATed source and than enter the tunnel. What happens is that traffic is being NATed but then it just exits wan port without entering the tunnel.</P><P>Any ideas how to get this sorted?&nbsp;</P><P>&nbsp;</P><P>Thank you.</P> Fri, 19 Jul 2019 16:34:12 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-To-Site-VPN-with-NAT-on-localy-managed-SMB-device/m-p/58598#M2270 Chonyi 2019-07-19T16:34:12Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-To-Site-VPN-with-NAT-on-localy-managed-SMB-device/m-p/58620#M2271 <P>Did you uncheck Disable NAT for this site?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2019-07-19 at 2.24.28 PM.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1927i14D17EA9392645FF/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2019-07-19 at 2.24.28 PM.png" alt="Screen Shot 2019-07-19 at 2.24.28 PM.png" /></span></P> Fri, 19 Jul 2019 21:27:25 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-To-Site-VPN-with-NAT-on-localy-managed-SMB-device/m-p/58620#M2271 PhoneBoy 2019-07-19T21:27:25Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-To-Site-VPN-with-NAT-on-localy-managed-SMB-device/m-p/58690#M2280 I have tried both ways, everytime I see NATed packets on WAN port without encryption.<BR /> Mon, 22 Jul 2019 08:10:48 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-To-Site-VPN-with-NAT-on-localy-managed-SMB-device/m-p/58690#M2280 Chonyi 2019-07-22T08:10:48Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-To-Site-VPN-with-NAT-on-localy-managed-SMB-device/m-p/58707#M2282 <P>I finnaly got this working.</P><P>There are few requirements that need to be fulfilled in order for source NAT to function inside a tunnel.</P><P>Both original and NAT source need to be part of local encryption domain.</P><P>Policy rule allowing original source network to communicate with remote destination network should be defined in outgoing and incoming rules.</P><P>In VPN settings&gt;Advanced tab disable NAT for this site shouldn't be checked.</P><P>NAT rules should be defined appropriately.</P><P>&nbsp;</P><P>Cheers!</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 22 Jul 2019 12:15:10 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-To-Site-VPN-with-NAT-on-localy-managed-SMB-device/m-p/58707#M2282 Chonyi 2019-07-22T12:15:10Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-To-Site-VPN-with-NAT-on-localy-managed-SMB-device/m-p/58731#M2283 <P>Did you add the translated range (after NAT) to your local encryption domain?</P> Mon, 22 Jul 2019 16:30:12 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Site-To-Site-VPN-with-NAT-on-localy-managed-SMB-device/m-p/58731#M2283 Pedro_Espindola 2019-07-22T16:30:12Z