
S2S with local VPN Peer static NAT

S2S VPN over the Internet, using public IP addresses as peer addresses. If my Check Point R80.10 gateway external IP address is a private address for BGP peering, can I terminate a S2S VPN on the gateway by using a public IP Static NAT configured on the same gateway? It's quite common to see scenarios where there is a Public<=translates to=>Private NAT device in front of the VPN peer, but does it work if the Check Point VPN peer also does the required NAT as well?

(Check Point R80.10 cluster Private IP<=translate to=>Public NAT) <=VPN connects to => Remote VPN Peer Public IP

Admin

Re: S2S with local VPN Peer static NAT

I believe so, you would set the appropriate IP in Gateway Object > IPSec VPN > Link Selection.



Re: S2S with local VPN Peer static NAT

Thanks for the above info, and I guess that means I can define the statically NAT'd IP address. But I have found this KB article, sk44978, that suggests that for IKEv2, it will always use Main IP. So is IKEv2 problematic where any NAT traversal for a S2S VPN is required?

Admin

Re: S2S with local VPN Peer static NAT

Forgot about that particular limitation.

Hadn’t heard of specific issues around it, though.

The SK does mention a workaround.
