Richard_Cullum
Participant

S2S with local VPN Peer static NAT

S2S VPN over the Internet. Using public IP addresses as peer addresses. If my Check Point R80.10 gateway external IP address is a private address for BGP peering, can I terminate a S2S VPN on the gateway by using a public IP Static NAT configured on the same gateway? It's quite common to see scenarios where there is a Public<=translates to=>Private NAT device in front of the VPN peer, but does it work if the Check Point VPN peer also does the NAT required as well?

(Check Point R80.10 cluster Private IP<=translate to=>Public NAT) <=VPN connects to => Remote VPN Peer Public IP

0 Kudos
3 Replies
PhoneBoy
Admin

I believe so, you would set the appropriate IP in Gateway Object > IPSec VPN > Link Selection.


0 Kudos
Richard_Cullum
Participant

Thanks for the above info, and I guess that means I can define the statically NATed IP address. But I have found this KB article, sk44978, that suggests that for IKEv2 it will always use Main IP. So is IKEv2 problematic where any NAT traversal for a S2S VPN is required?

0 Kudos
PhoneBoy
Admin

Forgot about that particular limitation.

Hadn’t heard of specific issues around it, though.

The SK does mention a workaround.

0 Kudos
